Lucene search
K

SonicWall SonicOS 7.0 - Open Redirect

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 31 Views

SonicWall SonicOS 7.0 contains an open redirect vulnerability in Host headers, allowing attackers to spoof header, obtain sensitive info, and redirect to malicious sites. Apply latest security patch

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Sonicwall SonicOS 7.0 - Host Header Injection Vulnerability
13 Oct 202100:00
zdt
Circl
CVE-2021-20031
13 Oct 202102:25
circl
CNNVD
SonicOS 输入验证错误漏洞
12 Oct 202100:00
cnnvd
CVE
CVE-2021-20031
12 Oct 202122:55
cve
Cvelist
CVE-2021-20031
12 Oct 202122:55
cvelist
Exploit DB
Sonicwall SonicOS 7.0 - Host Header Injection
13 Oct 202100:00
exploitdb
NCSC
Vulnerability fixed in SonicOS
13 Oct 202100:00
ncsc
NVD
CVE-2021-20031
12 Oct 202123:15
nvd
OSV
CVE-2021-20031
12 Oct 202123:15
osv
Packet Storm
Sonicwall SonicOS 7.0 Host Header Injection
13 Oct 202100:00
packetstorm
Rows per page
id: CVE-2021-20031

info:
  name: SonicWall SonicOS 7.0 - Open Redirect
  author: gy741
  severity: medium
  description: SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations. and/or possibly redirect a user to a malicious site.
  impact: |
    Attackers can redirect users to malicious sites, steal sensitive information, or perform unauthorized operations, leading to potential data breaches or phishing attacks.
  remediation: |
    Implement proper validation and sanitization of Host headers to prevent spoofing and open redirects.
  reference:
    - https://www.exploit-db.com/exploits/50414
    - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019
    - http://packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-20031
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-20031
    cwe-id: CWE-601
    epss-score: 0.13041
    epss-percentile: 0.95874
    cpe: cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: sonicwall
    product: nsa_2650
    google-query: inurl:"auth.html" intitle:"SonicWall"
  tags: cve,cve2021,sonicwall,redirect,edb,packetstorm,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/"
    headers:
      Host: "{{randstr}}.tld"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'https://{{randstr}}.tld/auth.html'
          - 'Please be patient as you are being re-directed'
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100da0903c9c0cd36beeb9f98015ae3d9a844dd62d9b19b43783dacf6aae9885580022100b899e8c19695b8ed13635caebf17106ab936f84fc5f856dff549e4bfb2380f96:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 25.8
CVSS 3.16.1
EPSS0.13041
31