CWE
77
Advisory Published
Updated

CVE-2016-9683: Command Injection

First published: Wed Feb 22 2017(Updated: )

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
SonicWall Secure Remote Access=8.1.0.2-14sv

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2016-9683?

    CVE-2016-9683 is classified as a high-severity vulnerability due to its potential for remote command injection.

  • How do I fix CVE-2016-9683?

    To mitigate CVE-2016-9683, upgrade the SonicWall Secure Remote Access server to a patched version that addresses this vulnerability.

  • What specifically is vulnerable in CVE-2016-9683?

    CVE-2016-9683 affects the web administrative interface, specifically the 'extensionsettings' CGI component.

  • Is CVE-2016-9683 likely to be exploited in the wild?

    Yes, given its nature as a remote command injection vulnerability, CVE-2016-9683 could be targeted by attackers if not addressed.

  • What versions are affected by CVE-2016-9683?

    CVE-2016-9683 specifically affects SonicWall Secure Remote Access Server version 8.1.0.2-14sv.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203