CVE-2021-20016
CRITICAL | CISA KEV | 9.8
Description
A SQL injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session-related information. This vulnerability impacts SMA100 build version 10.x.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 2/4/2021
Last Modified: 10/31/2025
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: SonicWall
Product: SSLVPN SMA100
Vulnerability Name: SonicWall SSLVPN SMA100 SQL Injection Vulnerability
KEV Date Added: 2021-11-03
Remediation Due Date: 2021-11-17
Ransomware Use: Known
Affected Products
sonicwall:sma_100
sonicwall:sma_100_firmware
sonicwall:sma_200
sonicwall:sma_200_firmware
sonicwall:sma_210
sonicwall:sma_210_firmware
sonicwall:sma_400
sonicwall:sma_400_firmware
sonicwall:sma_410
sonicwall:sma_410_firmware
sonicwall:sma_500v
Weaknesses (CWE)
CWE-89
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001 (PSIRT@sonicwall.com)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.