CVE-2021-20034

Critical

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete…

sonicwall·CWE-284·Published 2021-09-27

CVSS

9.1

EPSS

0.81

KEV

Exploits

cve.orgen

219 chars

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

NVDen

219 chars

NVDes

268 chars

Una vulnerabilidad de control de acceso inapropiado en SMA100 permite a un atacante remoto no autenticado omitir las comprobaciones de salto de ruta y eliminar un archivo arbitrario, resultando potencialmente en un reinicio a la configuración predeterminada de fábrica

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P
3.1	Primary	NVD	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H