CVE-2021-20035

Known Exploited (CISA KEV)MEDIUM

6.5

CVSS Severity Score

EPSS Score96.6560%

EPSS Percentile89.22th

PublishedSep 27, 2021

Last ModifiedOct 31, 2025

Vulnerability Description

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

Affected Platforms (CPE)

💻

Sonicwall

Sma 200 Firmware

< 9.0.0.11-31sv

💻

Sonicwall

Sma 200 Firmware

>= 10.2.0.0 and < 10.2.0.8-37sv

💻

Sonicwall

Sma 200 Firmware

>= 10.2.1.0 and < 10.2.1.1-19sv

💻

Sonicwall

Sma 210 Firmware

< 9.0.0.11-31sv

💻

Sonicwall

Sma 210 Firmware

>= 10.2.0.0 and < 10.2.0.8-37sv

💻

Sonicwall

Sma 210 Firmware

>= 10.2.1.0 and < 10.2.1.1-19sv

💻

Sonicwall

Sma 400 Firmware

< 9.0.0.11-31sv

💻

Sonicwall

Sma 400 Firmware

>= 10.2.0.0 and < 10.2.0.8-37sv

💻

Sonicwall

Sma 400 Firmware

>= 10.2.1.0 and < 10.2.1.1-19sv

💻

Sonicwall

Sma 410 Firmware

< 9.0.0.11-31sv

💻

Sonicwall

Sma 410 Firmware

>= 10.2.0.0 and < 10.2.0.8-37sv

💻

Sonicwall

Sma 410 Firmware

>= 10.2.1.0 and < 10.2.1.1-19sv

📦

Sonicwall

Sma 500v

< 9.0.0.11-31sv

📦

Sonicwall

Sma 500v

>= 10.2.0.0 and < 10.2.0.8-37sv

📦

Sonicwall

Sma 500v

>= 10.2.1.0 and < 10.2.1.1-19sv

References & Advisories

🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20035

Vulnerability Description

Affected Platforms (CPE)

Sma 200 Firmware

Sma 200 Firmware

Sma 200 Firmware

Sma 210 Firmware

Sma 210 Firmware

Sma 210 Firmware

Sma 400 Firmware

Sma 400 Firmware

Sma 400 Firmware

Sma 410 Firmware

Sma 410 Firmware

Sma 410 Firmware

Sma 500v

Sma 500v

Sma 500v

References & Advisories

Related Vulnerabilities