Sma 410 Firmware

sma_410_firmware

Vendor: Sonicwall • 35 CVEs

CVEs (35)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-40603 1Sonicwall 3Sma 210 Firmware Sma 410 FirmwareSma 500v Firmware Nov 6, 2025 Oct 31, 2025 N/A· v4 4.5 MEDIUM· v3 N/A· v2 A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.
CVE-2025-40598 1Sonicwall 3Sma 210 Firmware Sma 410 FirmwareSma 500v Firmware Aug 7, 2025 Jul 23, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.
CVE-2025-40597 1Sonicwall 3Sma 210 Firmware Sma 410 FirmwareSma 500v Firmware Aug 7, 2025 Jul 23, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.
CVE-2025-40596 1Sonicwall 3Sma 210 Firmware Sma 410 FirmwareSma 500v Firmware Aug 7, 2025 Jul 23, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.
CVE-2025-40599 1Sonicwall 3Sma 210 Firmware Sma 410 FirmwareSma 500v Firmware Nov 6, 2025 Jul 23, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system,...Show more An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.Show less
CVE-2025-32821 1Sonicwall 6Sma 100 Firmware Sma 200 FirmwareSma 210 Firmware+3 more May 19, 2025 May 7, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.
CVE-2025-32820 1Sonicwall 6Sma 100 Firmware Sma 200 FirmwareSma 210 Firmware+3 more May 19, 2025 May 7, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.
CVE-2025-32819 1Sonicwall 6Sma 100 Firmware Sma 200 FirmwareSma 210 Firmware+3 more May 19, 2025 May 7, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
CVE-2024-53703 1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 more Nov 4, 2025 Dec 5, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially...Show more A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.Show less
CVE-2024-53702 1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 more Nov 4, 2025 Dec 5, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the gen...Show more Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.Show less
CVE-2024-45319 1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 more Nov 4, 2025 Dec 5, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.
CVE-2024-45318 1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 more Nov 4, 2025 Dec 5, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
CVE-2024-40763 1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 more Nov 6, 2025 Dec 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.
CVE-2024-38475 3Apache NetappSonicwall 7Http Server Ontap 9Sma 200 Firmware+4 more Nov 17, 2025 Jul 1, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly...Show more Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.Show less
CVE-2024-22395 1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 more Dec 5, 2024 Feb 24, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA...Show more Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.Show less
CVE-2023-5970 1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 more Nov 21, 2024 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
CVE-2023-44221 1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 more Oct 31, 2025 Dec 5, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially lea...Show more Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.Show less
CVE-2022-2915 1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 more Nov 21, 2024 Aug 26, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerabil...Show more A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.Show less
CVE-2022-1703 1Sonicwall 3Sma 210 Firmware Sma 410 FirmwareSma 500v Firmware Nov 21, 2024 Jun 8, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vul...Show more Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.Show less
CVE-2022-22279 1Sonicwall 5Sma 210 Firmware Sma 410 FirmwareSma 500v Firmware+2 more Nov 21, 2024 Apr 13, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA applia...Show more A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versionsShow less

12 Next