VYPR

SMA100

by SonicWall

CVEs (38)

  • CVE-2024-53703HigDec 5, 2024
    risk 0.54cvss 8.1epss 0.13

    A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

  • CVE-2024-45318HigDec 5, 2024
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

  • CVE-2025-32821HigMay 7, 2025
    risk 0.49cvss 7.2epss 0.29

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.

  • CVE-2024-40763HigDec 5, 2024
    risk 0.49cvss 7.5epss 0.01

    Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

  • CVE-2024-45317HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.

  • CVE-2021-20049HigDec 23, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

  • CVE-2021-20041HigDec 8, 2021
    risk 0.49cvss 7.5epss 0.07

    An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

  • CVE-2020-5129HigMar 26, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.

  • CVE-2025-2170HigApr 30, 2025
    risk 0.47cvss 7.2epss 0.00

    A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.

  • CVE-2020-5146HigJan 9, 2021
    risk 0.47cvss 7.2epss 0.02

    A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.

  • CVE-2019-7484MedDec 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

  • CVE-2024-45319MedDec 5, 2024
    risk 0.41cvss 6.3epss 0.00

    A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.

  • CVE-2024-22395MedFeb 24, 2024
    risk 0.41cvss 6.3epss 0.00

    Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.

  • CVE-2020-5132MedSep 30, 2020
    risk 0.35cvss 5.3epss 0.01

    SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an…

  • CVE-2024-53702MedDec 5, 2024
    risk 0.34cvss 5.3epss 0.00

    Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

  • CVE-2021-20018MedMar 13, 2021
    risk 0.32cvss 4.9epss 0.01

    A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

  • CVE-2025-40603MedOct 31, 2025
    risk 0.29cvss 4.5epss 0.00

    A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.

  • CVE-2025-40602KEVDec 18, 2025
    risk 0.12cvss epss 0.02

    A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Page 2 of 2