CVE-2021-20040

Summary

A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicWall SMA10010.2.0.8-37sv and earlieraffected
SonicWallSonicWall SMA10010.2.1.1-19sv and earlieraffected
SonicWallSonicWall SMA10010.2.1.2-24sv and earlieraffected

Weaknesses

  • CWE-23: CWE-23: Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References