CyberSec.Space Logo
Back to CVE Browser

CVE-2021-20028

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score50.1100%
EPSS Percentile97.70th
PublishedAug 4, 2021
Last ModifiedOct 31, 2025

Vulnerability Description

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier

Affected Platforms (CPE)

πŸ’»
Sonicwall

Sma 210 Firmware

>= 8.0.0.0 and < 9.0.0.10-28sv
πŸ’»
Sonicwall

Sma 410 Firmware

>= 8.0.0.0 and < 9.0.0.10-28sv
πŸ’»
Sonicwall

Sma 500v Firmware

>= 8.0.0.0 and < 9.0.0.10-28sv
πŸ’»
Sonicwall

Sra 4600 Firmware

>= 8.0.0.0 and < 9.0.0.10-28sv
πŸ’»
Sonicwall

Sra 1600 Firmware

>= 8.0.0.0 and < 9.0.0.10-28sv
πŸ’»
Sonicwall

Sra Va Firmware

>= 8.0.0.0 and < 9.0.0.10-28sv

References & Advisories

πŸ”— https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017
πŸ”— https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20028

Related Vulnerabilities

CVE-2021-200389.8

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote u...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...