Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)

CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers.

Sonicwall confirmed it by updating the original security advisory to reflect the new state of play, and by changing the description of the vulnerability to say that can potentially lead to code execution, instead of only to denial of service (DoS).

About CVE-2021-20035

Sonicwall SMA 100 series appliances provide a unified secure access gateway optimized for small and medium businesses.

CVE-2021-20035 is due to improper neutralization of special elements in the SMA100 management interface and can be exploited by remote authenticated attackers to inject arbitrary OS commands as a “nobody” user.

It affects SMA 100 series appliances, more specifically these models: SMA 200, 210, 400, 410, and 500v (for hybrid-cloud deployments).

Impacted firmware versions include 10.2.1.0-17sv and earlier, 10.2.0.7-34sv and earlier and 9.0.0.10-28sv and earlier.

There are no available workarounds, so admins are advised to upgrade to a fixed version as soon as possible:

• 10.2.1.1-19sv and higher
• 10.2.0.8-37sv and higher
• 9.0.0.11-31sv and higher

Sonicwall SMA appliances are often targeted by attackers via known and zero-day vulnerabilities. Earlier this year, threat actors have been spotted leveraging CVE-2025-23006 as a zero-day to compromise SonicWall SMA 1000 Series appliances.

While both Sonicwall and CISA have confirmed that the CVE-2021-20035 is being exploited, the company has yet to provide details about these latest attacks.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!