Vulnerability in Sonicwall Sma100

CVE-2021-20049

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x…

EPSS: 0.003 (56.5th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 10.2.0.8-37sv and earlier, 10.2.1.2-24sv and earlier

Weakness classification (CWE)

CWE-204 — Observable Response Discrepancy

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030 (x_refsource_CONFIRM)