SMA1000 series
by SonicWall
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-22282 | Cri | 0.64 | 9.8 | 0.07 | May 13, 2022 | SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. | ||
| CVE-2022-1703 | Hig | 0.58 | 8.8 | 0.11 | Jun 8, 2022 | Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | ||
| CVE-2022-1701 | Hig | 0.49 | 7.5 | 0.04 | May 13, 2022 | SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | ||
| CVE-2021-20050 | Hig | 0.49 | 7.5 | 0.01 | Dec 23, 2021 | An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. | ||
| CVE-2026-4116 | Hig | 0.47 | 7.2 | 0.00 | Apr 9, 2026 | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. | ||
| CVE-2026-4113 | Hig | 0.47 | 7.2 | 0.00 | Apr 9, 2026 | An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. | ||
| CVE-2026-4112 | Hig | 0.47 | 7.2 | 0.01 | Apr 9, 2026 | Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. | ||
| CVE-2025-40595 | Hig | 0.47 | 7.2 | 0.00 | May 14, 2025 | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location. | ||
| CVE-2026-4114 | Med | 0.43 | 6.6 | 0.01 | Apr 9, 2026 | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. | ||
| CVE-2022-1702 | Med | 0.40 | 6.1 | 0.08 | May 13, 2022 | SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. | ||
| CVE-2025-40602 | 0.12 | — | 0.02 | KEV | Dec 18, 2025 | A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | ||
| CVE-2025-40603 | 0.00 | — | 0.00 | Oct 31, 2025 | A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data. | |||
| CVE-2025-40598 | 0.00 | — | 0.53 | Jul 23, 2025 | A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code. | |||
| CVE-2025-40597 | 0.00 | — | 0.28 | Jul 23, 2025 | A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. | |||
| CVE-2025-40596 | 0.00 | — | 0.56 | Jul 23, 2025 | A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. | |||
| CVE-2025-40599 | 0.00 | — | 0.12 | Jul 23, 2025 | An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution. |
- risk 0.64cvss 9.8epss 0.07
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.
- risk 0.58cvss 8.8epss 0.11
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
- risk 0.49cvss 7.5epss 0.04
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.
- risk 0.49cvss 7.5epss 0.01
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
- risk 0.47cvss 7.2epss 0.00
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.
- risk 0.47cvss 7.2epss 0.00
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
- risk 0.47cvss 7.2epss 0.01
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
- risk 0.47cvss 7.2epss 0.00
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.
- risk 0.43cvss 6.6epss 0.01
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.
- risk 0.40cvss 6.1epss 0.08
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.
- risk 0.12cvss —epss 0.02
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
- CVE-2025-40603Oct 31, 2025risk 0.00cvss —epss 0.00
A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.
- CVE-2025-40598Jul 23, 2025risk 0.00cvss —epss 0.53
A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.
- CVE-2025-40597Jul 23, 2025risk 0.00cvss —epss 0.28
A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.
- CVE-2025-40596Jul 23, 2025risk 0.00cvss —epss 0.56
A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.
- CVE-2025-40599Jul 23, 2025risk 0.00cvss —epss 0.12
An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.