Limited Black Friday Offer:

SonicWall SMA100 Stack BoF to Unauthenticated RCE CVE-2021-20038 Scanner

In SonicWall SMA100, there is an Unauthenticated Remote Code Execution vulnerability.

Short Info

Level

Critical

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

SonicWall SMA100 Stack BoF to Unauthenticated RCE CVE-2021-20038 Scanner Detail

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026