Sonicwall

Sma 500v Firmware

32 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2024-45319

  • EPSS 0.06%
  • Veröffentlicht 05.12.2024 14:15:21
  • Zuletzt bearbeitet 04.11.2025 17:09:09

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.

8.1

CVE-2024-45318

  • EPSS 0.73%
  • Veröffentlicht 05.12.2024 14:15:21
  • Zuletzt bearbeitet 04.11.2025 16:59:42

A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

7.5

CVE-2024-40763

  • EPSS 0.33%
  • Veröffentlicht 05.12.2024 14:15:20
  • Zuletzt bearbeitet 06.11.2025 16:43:04

Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

9.1

CVE-2024-38475

Warnung Medienbericht
  • EPSS 93.86%
  • Veröffentlicht 01.07.2024 19:15:04
  • Zuletzt bearbeitet 17.11.2025 21:49:55

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resultin...

6.3

CVE-2024-22395

  • EPSS 0.43%
  • Veröffentlicht 24.02.2024 00:15:45
  • Zuletzt bearbeitet 05.12.2024 17:04:30

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.

8.8

CVE-2023-5970

  • EPSS 0.57%
  • Veröffentlicht 05.12.2023 21:15:07
  • Zuletzt bearbeitet 21.11.2024 08:42:53

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

7.2

CVE-2023-44221

Warnung Medienbericht
  • EPSS 15.67%
  • Veröffentlicht 05.12.2023 21:15:07
  • Zuletzt bearbeitet 31.10.2025 15:56:29

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection V...

8.8

CVE-2022-2915

  • EPSS 1.99%
  • Veröffentlicht 26.08.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:55

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and ...

9

CVE-2022-1703

  • EPSS 3.09%
  • Veröffentlicht 08.06.2022 09:15:08
  • Zuletzt bearbeitet 21.11.2024 06:41:17

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of servic...

4.9

CVE-2022-22279

  • EPSS 0.45%
  • Veröffentlicht 13.04.2022 06:15:07
  • Zuletzt bearbeitet 21.11.2024 06:46:33

A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-...