CVE-2021-20038

Description

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-20038
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-20038

Refrence: Project Discovery GitHub

jbaines-r7

SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Refrence: GitHub

vesperp

Refrence: GitHub

Content on GitHub

S3ntinelX | watchers:1

nmap-scripts
A collection of nmap scripts for different CVEs

Refrence: GitHub

Description​

Proof Of Concept​

Content on GitHub​

Description

Proof Of Concept

Content on GitHub