CVE-2016-9684 Dell CVE debrief

Who should care

Administrators and security teams responsible for SonicWall Secure Remote Access / SMA 100-series appliances, especially systems exposing the web administration interface to untrusted networks. Incident responders should also pay attention if these appliances were reachable during the vulnerable period.

Technical summary

NVD lists the vulnerable product as SonicWall Secure Remote Access Server 8.1.0.2-14sv and classifies the weakness as CWE-77 (Command Injection). The CVSS 3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating unauthenticated remote exploitation over the network. The vulnerable path is /cgi-bin/viewcert, where unescaped CERT input reaches system(), enabling command injection.

Defensive priority

Urgent

Recommended defensive actions

• Identify any SonicWall Secure Remote Access / SMA appliances running the vulnerable 8.1.0.2-14sv build or otherwise matching the affected advisory.
• Apply the vendor remediation referenced by SonicWall PSIRT and the 8.1.0.7 release notes as soon as possible.
• Restrict exposure of the web administration interface to trusted management networks only until affected systems are patched.
• Review appliance and web-access logs for unexpected activity involving /cgi-bin/viewcert or unusual administrative requests.
• If compromise is suspected, isolate the appliance, preserve logs and configuration data, and rotate credentials and any exposed secrets after containment.

Evidence notes

The supplied NVD record shows CVE publication on 2017-02-22 and a later metadata modification on 2026-05-13. NVD identifies the affected CPE as cpe:2.3:o:dell:sonicwall_secure_remote_access_server:8.1.0.2-14sv:*:*:*:*:*:*:* and assigns CVSS 3.0 9.8 with CWE-77. The NVD references include SonicWall PSIRT advisory SNWLID-2016-0005 and the Dell/SonicWall 8.1.0.7 resolved-issues release notes, which together support the vendor-fix context.

Official resources