Sonicwall

Sma 400 Firmware

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-32821

Medienbericht
  • EPSS 0.2%
  • Veröffentlicht 07.05.2025 17:22:14
  • Zuletzt bearbeitet 19.05.2025 15:12:23

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.

8.8

CVE-2025-32820

Medienbericht
  • EPSS 0.57%
  • Veröffentlicht 07.05.2025 17:20:10
  • Zuletzt bearbeitet 19.05.2025 15:12:48

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.

8.8

CVE-2025-32819

Medienbericht Exploit
  • EPSS 0.34%
  • Veröffentlicht 07.05.2025 17:18:23
  • Zuletzt bearbeitet 19.05.2025 15:13:46

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

6.3

CVE-2024-22395

  • EPSS 0.42%
  • Veröffentlicht 24.02.2024 00:15:45
  • Zuletzt bearbeitet 05.12.2024 17:04:30

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.

8.8

CVE-2023-5970

  • EPSS 0.57%
  • Veröffentlicht 05.12.2023 21:15:07
  • Zuletzt bearbeitet 21.11.2024 08:42:53

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

7.2

CVE-2023-44221

Warnung Medienbericht
  • EPSS 18.48%
  • Veröffentlicht 05.12.2023 21:15:07
  • Zuletzt bearbeitet 02.05.2025 14:15:47

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection V...

8.8

CVE-2022-2915

  • EPSS 2.57%
  • Veröffentlicht 26.08.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:55

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and ...

9.8

CVE-2022-22273

  • EPSS 1.92%
  • Veröffentlicht 17.03.2022 02:15:06
  • Zuletzt bearbeitet 21.11.2024 06:46:32

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA ap...

7.5

CVE-2021-20050

  • EPSS 0.22%
  • Veröffentlicht 23.12.2021 02:15:06
  • Zuletzt bearbeitet 21.11.2024 05:45:51

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

7.5

CVE-2021-20049

  • EPSS 0.45%
  • Veröffentlicht 23.12.2021 02:15:06
  • Zuletzt bearbeitet 21.11.2024 05:45:51

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.