SMA100
by SonicWall
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45317 | | High | 0.49 | 7.5 | 0.00 | | Oct 11, 2024 | A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address. |
| CVE-2019-7481 | | | 0.26 | — | 0.94 | KEV | Dec 17, 2019 | A vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. |
| CVE-2025-23006 | | | 0.22 | — | 0.50 | KEV | Jan 23, 2025 | A pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. |
| CVE-2019-7483 | | | 0.16 | — | 0.48 | KEV | Dec 19, 2019 | In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. |
| CVE-2023-44221 | | | 0.14 | — | 0.23 | KEV | Dec 5, 2023 | Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. |
| CVE-2025-40602 | | | 0.12 | — | 0.00 | KEV | Dec 18, 2025 | A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). |
| CVE-2021-20035 | | | 0.12 | — | 0.04 | KEV | Sep 27, 2021 | Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which potentially leads to DoS. |
| CVE-2019-7482 | | | 0.05 | — | 0.65 | | Dec 19, 2019 | Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. |
| CVE-2021-20034 | | | 0.03 | — | 0.06 | | Sep 27, 2021 | An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file, potentially resulting in a reboot to factory default settings. |
| CVE-2024-53703 | | | 0.02 | — | 0.29 | | Dec 5, 2024 | A vulnerability in the mod_httprp library loaded by the Apache web server in SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows remote attackers to cause a stack-based buffer overflow, potentially leading to code execution. |
| CVE-2024-40763 | | | 0.01 | — | 0.11 | | Dec 5, 2024 | Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause a heap-based buffer overflow, potentially leading to code execution. |
| CVE-2025-40603 | | | 0.00 | — | 0.00 | | Oct 31, 2025 | A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions, to view partial user credential data. |
| CVE-2025-32821 | | | 0.00 | — | 0.01 | | May 7, 2025 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. |
| CVE-2025-32820 | | | 0.00 | — | 0.01 | | May 7, 2025 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence to make any directory on the SMA appliance writable. |
| CVE-2025-32819 | | | 0.00 | — | 0.01 | | May 7, 2025 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file, potentially resulting in a reboot to factory default settings. |
| CVE-2025-2170 | | | 0.00 | — | 0.00 | | Apr 30, 2025 | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. |
| CVE-2024-53702 | | | 0.00 | — | 0.00 | | Dec 5, 2024 | Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret. |
| CVE-2024-45319 | | | 0.00 | — | 0.01 | | Dec 5, 2024 | A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker to circumvent the certificate requirement during authentication. |
| CVE-2024-45318 | | | 0.00 | — | 0.03 | | Dec 5, 2024 | A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause a stack-based buffer overflow, potentially leading to code execution. |
| CVE-2024-22395 | | | 0.00 | — | 0.00 | | Feb 23, 2024 | Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application. |
Page 1 of 2