PT-2021-13737 · Sma 410+4 · Sma 410+4

Published

2021-12-08

Updated

2021-12-10

CVE-2021-20041

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: SMA 200 SMA 210 SMA 400 SMA 410 SMA 500v

Description: An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to "/fileshare/sonicfiles/sonicfiles" resulting in a loop with unreachable exit condition.

Recommendations: For SMA 200, update to a version that fixes the issue. For SMA 210, update to a version that fixes the issue. For SMA 400, update to a version that fixes the issue. For SMA 410, update to a version that fixes the issue. For SMA 500v, update to a version that fixes the issue. As a temporary workaround, consider restricting access to the "/fileshare/sonicfiles/sonicfiles" endpoint until a patch is available.

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2021-20041

Affected Products

Sma 200

Sma 210

Sma 400

Sma 410

Sma 500V

PT-2021-13737 · Sma 410+4 · Sma 410+4

CVE-2021-20041

Weakness Enumeration

Related Identifiers

Affected Products

References · 6