CVEs (35)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Sonicwall 9Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+6 moreNov 21, 2024 Mar 17, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series pro...Show more |
1Sonicwall 6Sma 100 Firmware Sma 200 FirmwareSma 210 Firmware+3 moreNov 21, 2024 Dec 23, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. |
1Sonicwall 6Sma 100 Firmware Sma 200 FirmwareSma 210 Firmware+3 moreNov 21, 2024 Dec 23, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreNov 21, 2024 Dec 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affect...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreNov 21, 2024 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 a...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreNov 21, 2024 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 2...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreNov 21, 2024 Dec 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreNov 21, 2024 Dec 8, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerabi...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreNov 21, 2024 Dec 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 an...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreSep 5, 2025 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerabili...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreOct 31, 2025 Dec 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. T...Show more |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreOct 31, 2025 Sep 27, 2021 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. |
1Sonicwall 5Sma 200 Firmware Sma 210 FirmwareSma 400 Firmware+2 moreNov 21, 2024 Sep 27, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. |
1Sonicwall 6Sma 210 Firmware Sma 410 FirmwareSma 500v Firmware+3 moreOct 31, 2025 Aug 4, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earl...Show more |
1Sonicwall 6Sma 100 Firmware Sma 200 FirmwareSma 210 Firmware+3 moreOct 31, 2025 Feb 4, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability imp...Show more |