Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-20034 — Improper Access Control in Sma100

CWE-284 — Improper Access Control CWE-22 — Path Traversal CWE-269 — Improper Privilege Management6 documents6 sources

Severity

9.1CRITICALNVD

EPSS

5.8%

top 9.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sonicwall SMA 200 Firmware Sonicwall SMA 210 Firmware Sonicwall SMA 400 Firmware +3 more

Timeline

PublishedSep 27

Latest updateApr 17

Description

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages6 packages

▶CVEListV5sonicwall/sma10010.2.0.7-34sv and earlier, 10.2.1.0-17sv and earlier, 9.0.0.10-28sv and earlier+2

▶NVDsonicwall/sma_500v10.2.0.0 — 10.2.0.7-34sv+2

▶NVDsonicwall/sma_200_firmware10.2.0.0 — 10.2.0.7-34sv+2

▶NVDsonicwall/sma_210_firmware10.2.0.0 — 10.2.0.7-34sv+2

▶NVDsonicwall/sma_400_firmware10.2.0.0 — 10.2.0.7-34sv+2

🔴Vulnerability Details

GHSA

GHSA-vfqg-fwg4-f3vx: An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrar↗2022-05-24

▶

CVEList

CVE-2021-20034: An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrar↗2021-09-27

▶

💥Exploits & PoCs

Exploit-DB

SonicWall SMA 10.2.1.0-17sv - Password Reset↗2021-10-20

▶

🔍Detection Rules

Suricata

ET WEB_SERVER SonicWall SMA Unauthenticated handleWAFRedirect CGI Arbitrary File Deletion (CVE-2021-20034)↗2025-04-17

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: NPA Agent (Flexnet) — CVE-2018-20034↗2021-10-15

▶