VYPR

SMA1000 series

by SonicWall

CVEs (16)

  • CVE-2022-22282 · Critical · May 13, 2022
    risk 0.64 · cvss 9.8 · epss 0.07

    SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor, leading to an Improper Access Control vulnerability.

  • CVE-2022-1703 · High · Jun 8, 2022
    risk 0.58 · cvss 8.8 · epss 0.11

    Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS commands, which potentially leads to a remote command execution vulnerability or a denial of service (DoS) attack.

  • CVE-2022-1701 · High · May 13, 2022
    risk 0.49 · cvss 7.5 · epss 0.04

    SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

  • CVE-2021-20050 · High · Dec 23, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

  • CVE-2026-4116 · High · Apr 9, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.

  • CVE-2026-4113 · High · Apr 9, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.

  • CVE-2026-4112 · High · Apr 9, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.

  • CVE-2025-40595 · High · May 14, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    A server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to an unintended location.

  • CVE-2026-4114 · Medium · Apr 9, 2026
    risk 0.43 · cvss 6.6 · epss 0.01

    Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.

  • CVE-2022-1702 · Medium · May 13, 2022
    risk 0.40 · cvss 6.1 · epss 0.08

    SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and use that link in a redirect, which leads to an open redirection vulnerability.

  • CVE-2025-40602 · KEV · Dec 18, 2025
    risk 0.12 · cvss (none listed) · epss 0.02

    A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

  • CVE-2025-40603 · Oct 31, 2025
    risk 0.00 · cvss (none listed) · epss 0.00

    A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions, to view partial user credential data.

  • CVE-2025-40598 · Jul 23, 2025
    risk 0.00 · cvss (none listed) · epss 0.53

    A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.

  • CVE-2025-40597 · Jul 23, 2025
    risk 0.00 · cvss (none listed) · epss 0.28

    A heap-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution.

  • CVE-2025-40596 · Jul 23, 2025
    risk 0.00 · cvss (none listed) · epss 0.56

    A stack-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution.

  • CVE-2025-40599 · Jul 23, 2025
    risk 0.00 · cvss (none listed) · epss 0.12

    An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.