CVE-2021-20038
In short
A flaw in the web server of SMA100 appliances allows attackers to send specially crafted requests that overflow a memory buffer, potentially letting them run malicious code on the device without needing a password.
Technical detail
Stack-based buffer overflow in mod_cgi module's environment variable handling permits unauthenticated remote code execution with 'nobody' user privileges on affected SMA appliances (200, 210, 400, 410, 500v). Attack vector is network-based via HTTP requests; no authentication required.
Summary generated and translated by AI from the official description.
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
SonicWall · SonicWall SMA100
public PoCs found — 2
github: github.com/vesperp/CVE-2021-20038-SonicWall-RCE ★ 1
github: github.com/anir0y/sonicwall-audit-toolkit ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/jbaines-r7/badblood
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20038
https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/