During a routine security scan, Rapid7 specialists detected five vulnerabilities in SonicWall Secure Mobile Access (SMA) Series 100 devices, including the SMA 200, 210, 400, 410 and 500v models. According to the report, exploitation of the most severe of these flaws could lead to remote code execution on the affected devices.
The flaws were reported to the manufacturer, which has already issued a patch to address them on affected devices. Below are brief descriptions of the reported flaws:
CVE-2021-20038: The web server on TCP/443 (/usr/src/EasyAccess/bin/httpd) is a slightly modified version of the Apache httpd server. One of the notable modifications is in the mod_cgi module (/lib/mod_cgi.so), which includes a custom version of the cgi_build_command function that aggregates all environment variables into a single stack-based buffer using strcat. If a threat actor supplies an overly long QUERY_STRING, the stack-based buffer overflows.
CVE-2021-20039: The web interface uses a function to scan strings for shell metacharacters and prevent command injection attacks. This function looks for normal characters (&|$>
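The pattern described for CVE-2021-20038, appending every environment variable to one fixed-size buffer with strcat, is shown below beside a bounded version that rejects input that does not fit. This is an added illustration, not SonicWall's or Rapid7's code; the function names, the 256-byte buffer size and the sample variables are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF 256 /* assumed size; the page does not give the real one */
/* Unbounded pattern: strcat never compares the running length with the
 * size of dst, so a long enough variable writes past the buffer. */
void build_env_unbounded(char *dst, const char *const *env, size_t n)
{
    dst[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        strcat(dst, env[i]);
        strcat(dst, " ");
    }
}

/* Bounded form: track the space used and refuse input that does not fit.
 * Returns 0 on success, -1 if the variables would exceed cap bytes. */
int build_env_bounded(char *dst, size_t cap, const char *const *env, size_t n)
{
    size_t used = 0;
    if (cap == 0) return -1;
    dst[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(env[i]);
        /* value + separator + terminating NUL must fit in what is left */
        if (len + 1 >= cap - used) { dst[0] = '\0'; return -1; }
        memcpy(dst + used, env[i], len);
        used += len;
        dst[used++] = ' ';
        dst[used] = '\0';
    }
    return 0;
}

/* Constructed request: a fixed method plus a QUERY_STRING of query_len bytes. */
int demo(size_t query_len)
{
    char buf[CMD_BUF];
    char qs[13 + 4096 + 1] = "QUERY_STRING=";
    if (query_len > 4096) return -2;
    memset(qs + 13, 'A', query_len);
    qs[13 + query_len] = '\0';
    const char *const env[] = { "REQUEST_METHOD=GET", qs };
    return build_env_bounded(buf, CMD_BUF, env, 2);
}

int main(void)
{
    printf("222-byte query: %d, 4096-byte query: %d\n", demo(222), demo(4096));
}
```

With these assumed sizes, a 222-byte query is the longest the bounded builder accepts; anything longer is rejected instead of being copied.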