SonicWall SMA 200
cpe:2.3:h:sonicwall:sma100:*:*:*:*:*:*:*, +5 more
- >= 10.2.0.8-37sv, <= 10.2.1.2-24sv
This vulnerability is being actively exploited in the wild.
A stack-based buffer overflow vulnerability has been identified in the SonicWall SMA 100 series appliances, specifically in the Apache httpd server's mod_cgi module. This vulnerability allows a remote, unauthenticated attacker to execute code as the 'nobody' user on the affected appliance. The issue arises from the mod_cgi module improperly handling environment variables, leading to a buffer overflow on the stack. The vulnerability affects several firmware versions across the SMA 100 series, including SMA 200, 210, 400, 410, and 500v.
Exploitation of this vulnerability leads to unauthorized remote code execution on the affected device, with the executed code running under the 'nobody' user. However, the context of the vulnerability allows for escalation to root privileges.
The vulnerability can be reproduced by sending an HTTP request with an overly long QUERY_STRING parameter, for example with a tool like curl. The request triggers the overflow because the input is not properly validated before being processed and exceeds the capacity of the stack-based buffer.
Users are advised to update to SonicWall's patched versions, specifically 10.2.0.9-41sv or 10.2.1.3-27sv.
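The following is an added example for checking an appliance inventory against the version range and fixed builds given above; it is not code from SonicWall or from this advisory. It assumes firmware strings always have the form shown on this page (`A.B.C.D-NNsv`), and the hostnames are constructed.

```python
import re

# Version bounds and fixed builds are the ones stated in the advisory text.
AFFECTED_MIN = "10.2.0.8-37sv"
AFFECTED_MAX = "10.2.1.2-24sv"
FIXED_BY_BRANCH = {(10, 2, 0): "10.2.0.9-41sv", (10, 2, 1): "10.2.1.3-27sv"}

# Assumption: firmware strings always look like "A.B.C.D-NNsv".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")

def parse_version(text):
    """Turn '10.2.1.2-24sv' into (10, 2, 1, 2, 24) for tuple comparison."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.groups())

def classify(version):
    """Return 'patched', 'affected' or 'not-listed' for one firmware string."""
    v = parse_version(version)
    # Check the per-branch fix first: 10.2.0.9-41sv sorts inside the affected
    # range numerically, so a plain min/max test would flag a patched device.
    fixed = FIXED_BY_BRANCH.get(v[:3])
    if fixed is not None and v >= parse_version(fixed):
        return "patched"
    if parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX):
        return "affected"
    return "not-listed"  # the advisory makes no statement about this build

def affected_hosts(inventory):
    """Hosts whose firmware is affected; unparseable entries are flagged too."""
    flagged = []
    for host, version in sorted(inventory.items()):
        try:
            if classify(version) == "affected":
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unknown format: review manually
    return flagged

# Constructed sample inventory (hypothetical hostnames).
SAMPLE_INVENTORY = {
    "sma-a.example.internal": "10.2.0.8-37sv",
    "sma-b.example.internal": "10.2.0.9-41sv",
    "sma-c.example.internal": "10.2.1.2-24sv",
    "sma-d.example.internal": "10.2.1.3-27sv",
}
```

Builds outside the listed range come back as `not-listed` rather than safe, because the advisory text says nothing about them.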