Russell Sanford

**Name of the Vulnerable Software and Affected Versions** SonicWall Secure Remote Access server version 8.1.0.2-14sv **Description** The issue is related to the diagnostics component of the CGI application in the web administrative interface, specifically the `/cgi-bin/diagnostics` endpoint. It is caused by a lack of input data sanitization, allowing a remote attacker to execute arbitrary commands using the `tsrDeleteRestartedFile` and `currentTSREmailTo` variables. This can lead to remote command injection, potentially giving shell access to the machine under the nobody user account. **Recommendations** For version 8.1.0.2-14sv, consider disabling the `/cgi-bin/diagnostics` endpoint as a temporary workaround until a patch is available. Restrict access to the diagnostics component to minimize the risk of exploitation. Avoid using the `tsrDeleteRestartedFile` and `currentTSREmailTo` variables in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.