HIGH🇬🇧 English

CVE-2021-20049

CVSS 7.5v3.1pub. 2021-12-23upd. 2024-11-21

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Sonicwall Sma100

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 100 Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0
  • Sonicwall Sma200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 200 Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0
  • Sonicwall Sma210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 210 Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0
  • Sonicwall Sma400

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 400 Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0
  • Sonicwall Sma410

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 410 Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0
  • Sonicwall Sma500v

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 500v Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2024-38475CRITICAL9.1⚠ KEVPL ✓ten sam produkt

Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie

CVE-2021-20038CRITICAL9.8⚠ KEVten sam produkt

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variabl...

CVE-2021-20028CRITICAL9.8⚠ KEVten sam produkt

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure R...

CVE-2021-20016CRITICAL9.8⚠ KEVten sam produkt

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker ...

CVE-2025-40599CRITICAL9.1PL ✓ten sam produkt

SonicWall SMA 100 — nieautoryzowany upload pliku prowadzący do RCE