VYPR

SMA100

by SonicWall

CVEs (38)

  • CVE-2021-20038CriKEVDec 8, 2021
    risk 0.90cvss 9.8epss 1.00

    A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v…

  • CVE-2021-20016CriKEVFeb 4, 2021
    risk 0.85cvss 9.8epss 0.40

    A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.

  • CVE-2025-23006CriKEVJan 23, 2025
    risk 0.84cvss 9.8epss 0.23

    Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute…

  • CVE-2019-7481HigKEVDec 17, 2019
    risk 0.75cvss 7.5epss 1.00

    Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier.

  • CVE-2021-20034CriSep 27, 2021
    risk 0.69cvss 9.1epss 0.81

    An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

  • CVE-2023-44221HigKEVDec 5, 2023
    risk 0.65cvss 7.2epss 0.75

    Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

  • CVE-2019-7482CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.09

    Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

  • CVE-2019-7483HigKEVDec 19, 2019
    risk 0.61cvss 7.5epss 0.04

    In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

  • CVE-2021-20044HigDec 8, 2021
    risk 0.60cvss 8.8epss 0.40

    A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

  • CVE-2021-20043HigDec 8, 2021
    risk 0.59cvss 8.8epss 0.23

    A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

  • CVE-2025-32819HigMay 7, 2025
    risk 0.58cvss 8.8epss 0.07

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

  • CVE-2022-1703HigJun 8, 2022
    risk 0.58cvss 8.8epss 0.11

    Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.

  • CVE-2025-32820HigMay 7, 2025
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.

  • CVE-2023-5970HigDec 5, 2023
    risk 0.57cvss 8.8epss 0.01

    Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

  • CVE-2022-2915HigAug 26, 2022
    risk 0.57cvss 8.8epss 0.01

    A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

  • CVE-2021-20017HigMar 13, 2021
    risk 0.57cvss 8.8epss 0.02

    A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

  • CVE-2019-7486HigDec 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.

  • CVE-2019-7485HigDec 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

  • CVE-2023-0126HigJan 19, 2023
    risk 0.55cvss 7.5epss 0.73

    Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.

  • CVE-2021-20035MedKEVSep 27, 2021
    risk 0.55cvss 6.5epss 0.04

    Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

Page 1 of 2