Improper neutralization of special elements in the SMA100 management interface ‘/cgi-bin/viewcert’ POST http method allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
[
{
"product": "SonicWall SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "9.0.0.11-31sv and earlier"
},
{
"status": "affected",
"version": "10.2.0.8-37sv and earlier"
},
{
"status": "affected",
"version": "10.2.1.1-19sv and earlier"
},
{
"status": "affected",
"version": "10.2.1.2-24sv and earlier"
}
]
}
]