<ul><li>Threat actors have been exploiting a remote code execution flaw in SonicWall SMA appliances since January 2025.</li><li>The vulnerability, CVE-2021-20035, allows remote authenticated attackers to inject arbitrary commands and potentially execute code.</li><li>The flaw affects SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices, and the vendor patched it in September 2021.</li><li>SonicWall SMA 100 series appliances have been targeted in an active campaign to steal VPN credentials using default or weak passwords.</li></ul>

Attackers exploited SonicWall SMA appliances since January 2025

Discover more