CVEs (27)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreNov 21, 2024 Dec 8, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerabi...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreNov 21, 2024 Dec 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 an...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreSep 5, 2025 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerabili...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreOct 31, 2025 Dec 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. T...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreOct 31, 2025 Sep 27, 2021 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreNov 21, 2024 Sep 27, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. |
1Sonicwall 6Sma 100 Firmware Sma 200 FirmwareSma 210 Firmware+3 moreOct 31, 2025 Feb 4, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability imp...Show more |