Dive Brief:
- SonicWall on Tuesday disclosed that an OS command-injection vulnerability in SonicWall SMA100 remote-access appliances, tracked as CVE-2021-20035, has been exploited in the wild. The vulnerability was first disclosed and patched in September 2021.
- The vulnerability was initially assigned a medium-severity CVSS score of 6.5. However, SonicWall raised the score to 7.2, making CVE-2021-20035 a high-severity flaw.
- CISA added CVE-2021-20035 to its known exploited vulnerabilities (KEV) catalog on Wednesday. The agency's listing for the SonicWall flaw said it's unknown whether the exploitation activity involves ransomware attacks.
Dive Insight:
SonicWall said CVE-2021-20035 stems from improper neutralization of special elements in the SMA100 management interface. If exploited, a threat actor could remotely inject arbitrary commands as a "nobody" user, which could lead to code execution.
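As an added illustration of the "improper neutralization of special elements" pattern described above (hypothetical code, not SonicWall's SMA100 implementation), the snippet below contrasts a management-interface handler that pastes a user-supplied hostname into a shell command string with a hardened form that allowlists the input and passes it as a single argv element with no shell involved; `echo` stands in for the real diagnostic tool so the demonstration is harmless.

```python
import re
import subprocess

# Constructed example: a diagnostics handler in a hypothetical web management
# interface takes a hostname from a form field and runs a command with it.
# `echo` replaces the real tool (e.g. ping) so nothing touches the network.

HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252})$")


def run_vulnerable(user_host: str) -> str:
    """CWE-78: the hostname is concatenated into a shell command string, so
    shell metacharacters in the input are parsed as syntax, not as data."""
    result = subprocess.run(f"echo {user_host}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def validate_hostname(user_host: str) -> bool:
    """Allowlist check: hostname characters only, so ';', '|', '`', '$' and
    whitespace can never reach a command line."""
    return bool(HOSTNAME_RE.match(user_host))


def run_hardened(user_host: str) -> str:
    """Neutralize twice over: reject anything that is not a plausible
    hostname, then pass it as one argv element with shell=False so no
    interpreter ever sees the value as command syntax."""
    if not validate_hostname(user_host):
        raise ValueError("hostname contains disallowed characters")
    result = subprocess.run(["echo", user_host], shell=False,
                            capture_output=True, text=True)
    return result.stdout


def demo() -> dict:
    """Run both handlers on a constructed input that smuggles a second command."""
    crafted = "example.com; echo INJECTED"
    out = {"vulnerable": run_vulnerable(crafted)}
    try:
        run_hardened(crafted)
        out["hardened"] = "accepted"
    except ValueError as exc:
        out["hardened"] = f"rejected: {exc}"
    out["hardened_clean_input"] = run_hardened("example.com")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The vulnerable handler prints two lines because the shell executed the smuggled command; the hardened handler rejects the same input at validation and, on a clean hostname, echoes it literally.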
The vulnerability was discovered and reported by Wenxu Yin, a security researcher with Qihoo 360 Technology Co. in Beijing, China.
With the addition to CISA's KEV catalog, federal civilian executive branch agencies have until May 7 to either patch their SonicWall appliances or discontinue use of the product if mitigations cannot be applied.
A SonicWall spokesperson told Cybersecurity Dive the vendor is actively investigating the scope and details of the exploitation.
“The threat activity was reported by a trusted SonicWall security partner. While the vulnerability affects SMA100 devices running older firmware, we continue to urge customers to follow the mitigation steps outlined in our advisory and upgrade to the latest firmware as a best practice. Security hygiene, patching, and timely firmware updates are key to protection, and we remain committed to transparency and partner engagement as threats evolve,” the spokesperson said in an email.
SonicWall vulnerabilities have been popular targets for a variety of threat actors in recent years as both cybercriminals and nation-state attackers have shifted focus to edge devices such as VPNs and firewalls. For example, in February CISA added CVE-2024-53704, an improper authentication vulnerability in the SSL VPN mechanism of the vendor's firewalls, to the KEV catalog. Censys later reported that more than 450 vulnerable firewalls were exposed to the public internet.
Editor’s Note: This story has been updated with a statement from SonicWall.