Product Notice: Arbitrary Command Injection Vulnerability in SonicWall SMA 100 Series Appliances

Overview

  • CVE-2021-20035
  • CVSS Score: 7.2

A vulnerability has been identified in the SMA100 management interface involving improper neutralization of special elements. This issue may allow a remote authenticated attacker to inject arbitrary commands as the 'nobody' user, potentially leading to remote code execution.

Product Impact

Please review the table below to see the products and their versions that are impacted:

| Product | Platform | Impacted Versions |
|---|---|---|
| SMA 100 Series | SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure) | 10.2.1.0-17sv and earlier |
| | | 10.2.0.7-34sv and earlier |
| | | 9.0.0.10-28sv and earlier |

Remediation

Organizations using SMA 100 series appliances should immediately log in to MySonicWall.com to upgrade their appliances to the patched firmware versions outlined below.

| Product | Platform | Impacted Versions | Fixed Versions |
|---|---|---|---|
| SMA 100 Series | SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure) | 10.2.1.0-17sv and earlier | 10.2.1.1-19sv and higher |
| | | 10.2.0.7-34sv and earlier | 10.2.0.8-37sv and higher |
| | | 9.0.0.10-28sv and earlier | 9.0.0.11-31sv and higher |
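
The following is an added example, not part of SonicWall's notice: a small triage script that checks an appliance inventory against the impacted and fixed versions listed above. It assumes firmware strings have the `a.b.c.d-NNsv` form used in this notice and that the first three components identify the release branch; the hostnames and inventory are constructed, and builds the notice does not list are reported as `unlisted` rather than guessed.

```python
import re

# Transcribed from this notice: branch -> (last impacted, first fixed).
ADVISORY = {
    (10, 2, 1): ("10.2.1.0-17sv", "10.2.1.1-19sv"),
    (10, 2, 0): ("10.2.0.7-34sv", "10.2.0.8-37sv"),
    (9, 0, 0): ("9.0.0.10-28sv", "9.0.0.11-31sv"),
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")

def parse(version):
    """Turn '10.2.1.0-17sv' into (10, 2, 1, 0, 17); raise ValueError otherwise."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    # Integers, not strings: '9.0.0.9' must sort below '9.0.0.10'.
    return tuple(int(g) for g in m.groups())

def classify(version):
    """Return 'impacted', 'fixed' or 'unlisted' for one firmware string."""
    v = parse(version)
    row = ADVISORY.get(v[:3])
    if row is None:
        return "unlisted"  # branch not covered by the notice
    last_impacted, first_fixed = (parse(x) for x in row)
    if v <= last_impacted:
        return "impacted"
    if v >= first_fixed:
        return "fixed"
    return "unlisted"  # build between the two versions the notice names

def triage(inventory):
    """Map hostname -> status; malformed strings are reported, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparseable"
    return report

# Constructed sample inventory (hostnames are illustrative).
SAMPLE = {"sma-hq": "10.2.1.0-17sv", "sma-branch": "9.0.0.9-26sv",
          "sma-dr": "10.2.0.8-37sv", "sma-lab": "10.2.1-17"}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:16} {status}")
```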
