CVE-2020-5146

Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 Appliance versions 10.2.0.2-20sv and earlier

Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows a remote attacker to execute arbitrary commands using a specially crafted HTTP POST request. The vulnerability can be exploited by an authenticated management user to perform OS command injection using HTTP POST parameters.

Recommendations: For SonicWall SMA100 Appliance versions 10.2.0.2-20sv and earlier, consider restricting access to the management interface to minimize the risk of exploitation. As a temporary workaround, avoid using HTTP POST parameters that could be used for OS command injection until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.