Cyber Resilience

CVE-2021-20028

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 04 August 2021

Modified: 31 October 2025
KEV Added: 28 March 2022
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8027 (99.1th percentile)
Risk Priority: 88 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-20028 is a critical-severity SQL injection (CWE-89) vulnerability in SonicWall SMA 210 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

The vulnerability is a SQL injection flaw (CWE-89) caused by improper neutralization of SQL commands. It affects end-of-life SonicWall Secure Remote Access (SRA) appliances running all 8.x firmware versions and 9.0.0.9-26sv or earlier. The issue carries a CVSS 3.1 base score of 9.8.

Remote unauthenticated attackers can exploit the flaw over the network without user interaction to read, modify, or delete database contents and potentially achieve full control of the affected appliance, resulting in complete loss of confidentiality, integrity, and availability.

The vulnerability is documented in SonicWall advisory SNWLID-2021-0017 and appears in CISA's catalog of known exploited vulnerabilities, confirming observed in-the-wild exploitation. Because the products have reached end-of-life status, no patches are expected; organizations should migrate away from the affected SRA appliances.

Vulnerability details

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier

CWE(s)
KEV Date Added: 28 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

sonicwall sma 210 firmware: 8.0.0.0 — 9.0.0.10-28sv
sonicwall sma 410 firmware: 8.0.0.0 — 9.0.0.10-28sv
sonicwall sma 500v firmware: 8.0.0.0 — 9.0.0.10-28sv
sonicwall sra 4600 firmware: 8.0.0.0 — 9.0.0.10-28sv
sonicwall sra 1600 firmware: 8.0.0.0 — 9.0.0.10-28sv
sonicwall sra va firmware: 8.0.0.0 — 9.0.0.10-28sv

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly requires validation and neutralization of untrusted input to block SQL command injection as exploited in this CVE.

Prevent: Mandates replacement or approved mitigations for unsupported/end-of-life components such as the affected SRA appliances.

Prevent: Enforces boundary protections that can restrict network exposure of the vulnerable remote-access appliance.
