CVE-2021-20039

CVE-2021-20039

Vendor Sonicwall

Product SonicWall SMA100

Weakness CWE-78

Published December 8, 2021

Last update September 5, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Key dates

02Disclosure timeline

December 8, 2021 CVE published

September 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-20039

Related vulnerabilities

Identifiers

CVE CVE-2021-20039

CWE CWE-78

Affected versions

Vendor Sonicwall

Product SonicWall SMA100

Affected 9.0.0.11-31sv and earlier

Vendor Sonicwall

Product SonicWall SMA100

Affected 10.2.0.8-37sv and earlier

Vendor Sonicwall

Product SonicWall SMA100

Affected 10.2.1.1-19sv and earlier

Vendor Sonicwall

Product SonicWall SMA100

Affected 10.2.1.2-24sv and earlier

01Description

02Disclosure timeline

03References

04Related CVE