SonicWall Urges Users to Patch Several Vulnerabilities in...

SonicWall Urges Users to Patch Several Vulnerabilities in Secure Mobile Access Products (CVE-2021-20038)

On December 7, SonicWall issued an advisory (SNWLID-2021-0026) for eight CVEs in its Secure Mobile Access (SMA) 100 product line of remote access gateways. As part of the advisory, SonicWall “strongly urges” its customers to patch these vulnerabilities in the SMA 200, 210, 400, 410 and 500v products, in addition to SMA 100 series appliances with the Web Application Firewall (WAF) enabled.

The most severe of these flaws are a set of unauthenticated heap- and stack-based buffer overflow vulnerabilities. Successful exploitation of CVE-2021-20038 (CVSSv3 9.8), CVE-2021-20045 (CVSSv3 9.4) and CVE-2021-20043 (CVSSv3 8.8) would result in code execution as the “nobody” user in the SMA100 appliance.

While there is no evidence at this time that these vulnerabilities have been exploited in the wild, SonicWall SMA devices have been targeted by threat actors in the past. The advisory includes a guide for the impacted and fixed firmware versions.

For more information, please visit our blog.

Vulnerability Watch

Forum Discussion

SonicWall Urges Users to Patch Several Vulnerabilities in...

Recent Discussions

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Exploited in the Wild

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Ivanti Endpoint Manager Mobile Zero-Days Exploited (CVE-2026-1281, CVE-2026-1340)

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

Americas

Europe

Asia / Australia