Sonicwall

Sma 200 Firmware

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-32821

Medienbericht
  • EPSS 0.11%
  • Veröffentlicht 07.05.2025 17:22:14
  • Zuletzt bearbeitet 19.05.2025 15:12:23

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.

8.8

CVE-2025-32820

Medienbericht
  • EPSS 0.29%
  • Veröffentlicht 07.05.2025 17:20:10
  • Zuletzt bearbeitet 19.05.2025 15:12:48

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.

8.8

CVE-2025-32819

Medienbericht Exploit
  • EPSS 0.18%
  • Veröffentlicht 07.05.2025 17:18:23
  • Zuletzt bearbeitet 19.05.2025 15:13:46

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

8.1

CVE-2024-53703

  • EPSS 0.46%
  • Veröffentlicht 05.12.2024 14:15:22
  • Zuletzt bearbeitet 04.11.2025 17:15:33

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

5.3

CVE-2024-53702

  • EPSS 0.1%
  • Veröffentlicht 05.12.2024 14:15:21
  • Zuletzt bearbeitet 04.11.2025 17:13:12

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

6.3

CVE-2024-45319

  • EPSS 0.06%
  • Veröffentlicht 05.12.2024 14:15:21
  • Zuletzt bearbeitet 04.11.2025 17:09:09

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.

8.1

CVE-2024-45318

  • EPSS 0.73%
  • Veröffentlicht 05.12.2024 14:15:21
  • Zuletzt bearbeitet 04.11.2025 16:59:42

A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

7.5

CVE-2024-40763

  • EPSS 0.33%
  • Veröffentlicht 05.12.2024 14:15:20
  • Zuletzt bearbeitet 06.11.2025 16:43:04

Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

9.1

CVE-2024-38475

Warnung Medienbericht
  • EPSS 93.86%
  • Veröffentlicht 01.07.2024 19:15:04
  • Zuletzt bearbeitet 17.11.2025 21:49:55

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resultin...

6.3

CVE-2024-22395

  • EPSS 0.43%
  • Veröffentlicht 24.02.2024 00:15:45
  • Zuletzt bearbeitet 05.12.2024 17:04:30

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.