SMA100 Post-Authentication Remote Command Execution Vulnerability

First Published: 05/17/2022
Last Updated: 05/17/2022

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS commands as the 'root' user, potentially leading to remote command execution or a denial-of-service (DoS) attack.


NOTE: SMA 1000 series products are not affected by this vulnerability. 


AFFECTED PRODUCT(S)

  • SMA100 series firmware 10.2.1.4-31sv and earlier versions.
  • SMA100 series firmware 10.2.0.9-41sv and earlier versions.


CPE(S) WORKAROUND

None


FIXED SOFTWARE

  • SMA100 series firmware 10.2.1.5-34sv and higher versions.
  • SMA100 series firmware 10.2.0.10-46sv and higher versions.
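
The following is an added example, not SonicWall code: a check that classifies reported firmware strings against the affected and fixed builds listed above. It assumes versions are reported in the format used on this page (for example 10.2.1.4-31sv); the function names and the sample inventory are hypothetical.

```python
import re

# Last affected and first fixed builds per release train, from the advisory.
# Keys are (major, minor, maintenance); values are (patch, build) pairs.
LAST_AFFECTED = {(10, 2, 1): (4, 31), (10, 2, 0): (9, 41)}
FIRST_FIXED = {(10, 2, 1): (5, 34), (10, 2, 0): (10, 46)}

_FIRMWARE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_firmware(version):
    """Return (train, (patch, build)) for '10.2.1.4-31sv', or None if malformed."""
    m = _FIRMWARE_RE.match(version.strip())
    if m is None:
        return None
    major, minor, maint, patch, build = map(int, m.groups())
    return (major, minor, maint), (patch, build)


def classify(version):
    """Map a firmware string to a status relative to the advisory's version lists."""
    parsed = parse_firmware(version)
    if parsed is None:
        return "unparseable"
    train, level = parsed
    if train not in FIRST_FIXED:
        return "unlisted-train"   # advisory names no build on this train
    # Integer tuples, not strings: as text "10.2.0.10" sorts before "10.2.0.9".
    if level >= FIRST_FIXED[train]:
        return "fixed"
    if level <= LAST_AFFECTED[train]:
        return "affected"
    return "unlisted-build"       # between the two listed builds


def audit(inventory):
    """Return {host: status} for a {host: firmware} mapping."""
    return {host: classify(fw) for host, fw in inventory.items()}


# Constructed inventory; hostnames and the unlisted versions are made up.
SAMPLE_INVENTORY = {
    "sma-hq": "10.2.1.4-31sv",
    "sma-branch": "10.2.0.10-46sv",
    "sma-lab": "10.2.0.9-41sv",
    "sma-old": "9.0.0.11-31sv",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Results of "unlisted-train" or "unlisted-build" mean the advisory text does not name that version, so they need manual review rather than being read as safe.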
