CVE-2021-20016

CVE-2021-20016

Vendor Sonicwall
Product SonicWall SMA100
Weakness CWE-89 · SQLi
KEV Status Known Exploited
Ransomware Used in campaigns
Published February 3, 2021
Last update October 21, 2025

CVSS base score

What the vulnerability does

01Description

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

February 3, 2021 CVE published
October 21, 2025 Record updated