Freedom Coder

Posted on Jul 17, 2025 • Edited on Jul 26, 2025 • Originally published at scyscan.com

CVE-2021-20035: SonicWall SMA100 Appliances OS Command Injection Vulnerability

#sonicwall #sma100appliances #cybersecurity #vulnerability

CVE ID

CVE-2021-20035

Vulnerability Name

SonicWall SMA100 Appliances OS Command Injection Vulnerability

Project: SonicWall
Product: SMA100 Appliances

Date

Date Added: 2025-04-16
Due Date: 2025-05-07

Description

SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.