CVE-2021-20040
- EPSS 6.33%
- Published 08.12.2021 10:15:07
- Last modified 21.11.2024 05:45:50
A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
- EPSS 58.57%
- Published 08.12.2021 10:15:07
- Last modified 05.09.2025 18:15:35
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400,...
CVE-2021-20038
- EPSS 94.29%
- Published 08.12.2021 10:15:07
- Last modified 30.07.2025 18:58:44
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA...
CVE-2021-20028
- EPSS 86.7%
- Published 04.08.2021 19:15:08
- Last modified 14.03.2025 16:47:20
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier