Web Scanning SonicWall for CVE-2021-20016 - Update

May 21, 2025, 8:29 p.m.

Description

There has been a significant increase in scanning activity targeting SonicWall devices, specifically looking for CVE-2021-20016 vulnerability. The activity has grown tenfold over the past 14 days, with multiple sources reporting probes related to two specific URLs. The most active IP addresses originate from the 141.98.80.0/24 subnet. The diary provides a list of indicator IP addresses involved in the scanning activity. This surge in scanning efforts highlights the ongoing threat landscape surrounding the SonicWall vulnerability, emphasizing the importance of patching and monitoring for potential exploitation attempts.

External References

https://isc.sans.edu/diary/rss/31952
https://otx.alienvault.com/pulse/6825d6e4d77073813931f8d6
Tags
vulnerability
exploitation
scanning
sonicwall
network security
2025-05-15
CVE-2021-20016

Date

  • Created: May 15, 2025, 11:58 a.m.
  • Published: May 15, 2025, 11:58 a.m.
  • Modified: May 21, 2025, 8:29 p.m.

Indicators

  • 92.63.196.249
  • 80.82.65.127
  • 92.63.196.152
  • 185.193.88.223
  • 185.193.88.229
  • 185.193.88.178
Download all indicators here!

Attack Patterns

Linked vulnerabilities

CVE-2021-20016

None
Published: