What is CVE-2021-20035?

CVE-2021-20035 is a vulnerability in Sonicwall Sma100, classified under OS Command Injection. Published 2021-09-27.

Is CVE-2021-20035 known to be exploited?

Yes. CVE-2021-20035 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-04-16), indicating it is being actively exploited. 4 public proof-of-concept repositories are indexed.

RCE in Sonicwall Sma100

CVE-2021-20035

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.128 (94.2th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 9.0.0.10-28sv and earlier, 10.2.0.7-34sv and earlier, 10.2.1.0-17sv and earlier

Weakness classification (CWE)

CWE-78 — OS Command Injection

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2025-04-16. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2025-05-07.

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public proof-of-concept exploits

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-20035?: CVE-2021-20035 is a vulnerability in Sonicwall Sma100, classified under OS Command Injection. Published 2021-09-27.
Is CVE-2021-20035 known to be exploited?: Yes. CVE-2021-20035 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-04-16), indicating it is being actively exploited. 4 public proof-of-concept repositories are indexed.