CVE-2021-20038

Published: 08/12/2021 Updated: 13/05/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
CVSS v3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VMScore: 668

Vulnerability Summary

A stack-based buffer overflow in the SMA100 Apache httpd server's mod_cgi module, triggered through CGI environment variables, allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user on the appliance. This vulnerability affects SMA 200, 210, 400, 410 and 500v appliances running firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
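The summary above describes the bug class rather than the exact code path: mod_cgi exports request-controlled data into CGI environment variables, and a handler copies one of them into a fixed-size stack buffer without a length check. The C program below is an added example written for this page; it is not SonicWall's httpd code and not any of the published exploits. The 64-byte buffer, the `struct frame` layout, the canary value and all function names are assumptions made for the demo. It shows the unchecked copy overrunning into the control word that follows the buffer, beside a bounded variant that rejects oversized input instead of silently truncating it.

```c
/*
 * Added illustration of the CVE-2021-20038 bug class: a CGI handler copies a
 * request-controlled environment variable into a fixed-size stack buffer
 * without a length check. Not SonicWall's code; buffer size, frame layout
 * and function names are assumptions for this demo.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENV_BUF_LEN 64          /* assumed size of the handler's stack buffer */
#define CANARY      0xDEADBEEFu /* stands in for the saved return address */

/* Model of a stack frame: the copy buffer with a control word right after it. */
struct frame {
    char     buf[ENV_BUF_LEN];
    uint32_t control;           /* saved frame pointer / return address on a real stack */
};

/* Vulnerable pattern: copies strlen(value)+1 bytes and never compares that
 * against ENV_BUF_LEN. The clamp to sizeof(*f) exists only so this demo never
 * writes outside its own object; the real bug has no such clamp.
 * Returns 1 if the control word survived, 0 if the copy clobbered it. */
int vulnerable_env_copy(struct frame *f, const char *value) {
    size_t n = strlen(value) + 1;
    f->control = CANARY;
    if (n > sizeof(*f))
        n = sizeof(*f);
    memcpy((unsigned char *)f, value, n);   /* runs past buf into control */
    return f->control == CANARY;
}

/* Hardened pattern: look for the terminator inside the buffer bound and
 * refuse the value if it is not there. Rejecting beats silent truncation,
 * which can change the meaning of a path or header value.
 * Returns 0 on success, -1 if the value does not fit. */
int hardened_env_copy(struct frame *f, const char *value) {
    const char *nul = memchr(value, '\0', ENV_BUF_LEN);
    f->control = CANARY;
    if (nul == NULL)            /* no NUL within ENV_BUF_LEN bytes: too long */
        return -1;
    memcpy(f->buf, value, (size_t)(nul - value) + 1);
    return 0;
}

/* Build a request-controlled value of the given length, standing in for a
 * header that mod_cgi would export into the CGI environment (constructed input). */
void make_value(char *out, size_t len) {
    memset(out, 'A', len);
    out[len] = '\0';
}

int main(void) {
    struct frame f;
    char value[256];

    make_value(value, 32);
    printf("vulnerable, 32 bytes : control intact = %d\n", vulnerable_env_copy(&f, value));
    make_value(value, 100);
    printf("vulnerable, 100 bytes: control intact = %d (control now 0x%08x)\n",
           vulnerable_env_copy(&f, value), f.control);
    printf("hardened,  100 bytes: rc = %d\n", hardened_env_copy(&f, value));
    return 0;
}
```

Compile with `cc -std=c99 -Wall` and run. On a real stack the overwritten word after the buffer is the saved return address, which is why an overrun like this becomes control of execution in the httpd worker rather than a crash; the hardened variant also shows the check that a code review of any env-var-to-stack-buffer copy should look for.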

Vulnerable Products

sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.1.1-19sv
sonicwall sma_200_firmware 10.2.1.2-24sv
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_210_firmware 10.2.1.1-19sv
sonicwall sma_210_firmware 10.2.1.2-24sv
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware 10.2.1.1-19sv
sonicwall sma_400_firmware 10.2.1.2-24sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_410_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.1.2-24sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.1.1-19sv
sonicwall sma_500v_firmware 10.2.1.2-24sv

Exploits

This Metasploit module exploits an authenticated command injection vulnerability in the SonicWall SMA 100 series web interface. Exploitation results in command execution as root. The affected versions are 10.2.1.2-24sv and below, 10.2.0.8-37sv and below, and 9.0.0.11-31sv and below ...

Note that the module described here targets an authenticated command injection, which is a different bug from the unauthenticated stack-based buffer overflow in the summary above; it is listed because it affects the same firmware versions, not because it exploits this CVE.

Github Repositories

SonicWallSSL-VPN_RCE CVE-2021-20038. Command-line arguments: -h show help; -u specify a URL; -f specify a file of targets. Entries inside the file must include the http/https scheme.

SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Bad Blood. Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versions 10.2.1.x. I've written a lot of the technical details here: AttackerKB CVE-2021-20038. The exploit, as written, will open up a telnet bind shell on port 1270. An attacker that connects to the shell will achieve execution

A collection of nmap scripts for different CVEs

Nmap Scripts. A collection of nmap scripts for different CVEs. Scripts available: CVE-2019-1653 (sensitive information access in the web interface of Cisco RV320 and RV325 routers); CVE-2021-20038 (stack-based buffer overflow in the SonicWall SMA100 httpd server).

Recent Articles

Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out
The Register • Gareth Corfield • 11 Jan 2022

Nothing like topping off unauth'd remote code execution with a su password of ... password

Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances. The information was released today by infosec outfit Rapid7. This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7's Jake Baines to Sonicwall in October. If you haven't yet applied the update, now would be a good time before it's widely exploited. So far there is no eviden...