PatchSiren

CVE-2016-9682 Dell CVE debrief

CVE-2016-9682 describes two remote command injection flaws in the SonicWall Secure Remote Access server web administrative interface. The issue is in the diagnostics CGI at /cgi-bin/diagnostics, where attacker-controlled values are passed to system() without proper escaping. NVD classifies the flaw as CWE-77 and assigns a CVSS v3.0 score of 9.8, reflecting network reachability, no authentication, no user interaction, and full confidentiality, integrity, and availability impact.

Vendor: Dell
Product: CVE-2016-9682
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-22
Original CVE updated: 2026-05-13
Advisory published: 2017-02-22
Advisory updated: 2026-05-13

Who should care

Organizations running SonicWall Secure Remote Access servers, especially teams responsible for perimeter appliance administration, vulnerability management, and incident response. Any environment exposing the web administrative interface should treat this as urgent.

Technical summary

According to the NVD record, the vulnerable product is SonicWall Secure Remote Access server version 8.1.0.2-14sv. The weakness is in the diagnostics CGI component used to email system-state information. Two variables named tsrDeleteRestartedFile and currentTSREmailTo are not properly escaped before being used in a system() call, allowing remote command injection. The NVD entry maps this to CWE-77 and lists the attack vector as network with no privileges or user interaction required.

Defensive priority

Critical: immediate remediation is recommended for any installation whose web administrative interface is exposed or reachable from untrusted networks.

Recommended defensive actions

  • Identify whether any SonicWall Secure Remote Access server instances are running the affected version 8.1.0.2-14sv or related vulnerable builds listed by the vendor.
  • Apply the vendor remediation referenced in the Dell/SonicWall release notes and PSIRT advisory as soon as possible.
  • Restrict access to the web administrative interface to trusted management networks until remediation is complete.
  • Review appliance logs and system integrity for signs of unexpected command execution, shell access, or configuration changes.
  • If compromise is suspected, treat the appliance as potentially fully exposed and follow incident response procedures, including credential and secret rotation where appropriate.
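
As an aid to the log review step above, the following added example (not vendor or NVD code) flags requests to /cgi-bin/diagnostics in which tsrDeleteRestartedFile or currentTSREmailTo carries anything outside a strict allowlist. The access-log format, the presence of the parameters in the request URL, and the allowed value shapes are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Path and parameter names are taken from the CVE description above.
DIAG_PATH = "/cgi-bin/diagnostics"
# Assumed shapes of legitimate values (not documented on this page):
# a short alphanumeric flag and a single e-mail address.
ALLOWED = {
    "tsrDeleteRestartedFile": re.compile(r"[A-Za-z0-9]{1,16}"),
    "currentTSREmailTo": re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+"),
}
# Assumption: web-server-style access log with the request line in quotes.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def suspicious_params(encoded):
    """Return sorted names of watched parameters whose decoded value fails its allowlist."""
    hits = set()
    for name, value in parse_qsl(encoded, keep_blank_values=True):
        pattern = ALLOWED.get(name)
        if pattern and value and not pattern.fullmatch(value):
            hits.add(name)
    return sorted(hits)

def scan_access_log(lines):
    """Return (line_number, parameter_names) for diagnostics requests needing review."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if target.path != DIAG_PATH:
            continue
        names = suspicious_params(target.query)
        if names:
            findings.append((number, names))
    return findings

# Constructed sample lines (not real traffic); PLACEHOLDER stands in for unexpected text.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2017:10:00:00 +0000] "GET /cgi-bin/diagnostics?currentTSREmailTo=admin%40example.com HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2017:10:05:12 +0000] "GET /cgi-bin/diagnostics?currentTSREmailTo=a%40example.com%7CPLACEHOLDER HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2017:10:05:40 +0000] "GET /cgi-bin/diagnostics?tsrDeleteRestartedFile=1%3BPLACEHOLDER HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Mar/2017:10:06:00 +0000] "GET /cgi-bin/welcome HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, names in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: review {', '.join(names)}")
```

Parameters sent in a POST body do not appear in a typical access log; where a proxy or WAF captures form bodies, pass the captured body string to suspicious_params directly.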

Evidence notes

The supplied NVD record identifies the vulnerable CPE as cpe:2.3:o:dell:sonicwall_secure_remote_access_server:8.1.0.2-14sv:*:*:*:*:*:*:* and assigns CVSS v3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. It also lists CWE-77. The MITRE-imported references point to vendor release notes and the SonicWall PSIRT advisory for SNWLID-2016-0003. A third-party Exploit-DB reference is present in the corpus, but no exploit details are used here.

Official resources

Publicly disclosed and published in the CVE/NVD record on 2017-02-22; the NVD record remains marked Modified as of 2026-05-13.