VYPR
Vendor

SonicWall

SonicWall Inc. is an American cybersecurity company that sells a range of Internet appliances primarily directed at content control and network security. These include devices providing services for network firewalls, unified threat management (UTM), virtual private networks (VPNs), virtual firewalls, SD-WAN, cloud security and anti-spam for email. The company also markets information subscription services related to its products.

Founded 1991
Products
73
CVEs
245
Across products
292
Status
Private

Products

73
View all 73 products →

Recent CVEs

245
View all 245 CVEs →
  • CVE-2016-9682CriFeb 22, 2017
    risk 0.69cvss 9.8epss 0.23

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out…

  • CVE-2016-9683CriFeb 22, 2017
    risk 0.68cvss 9.8epss 0.12

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for…

  • CVE-2016-9684CriFeb 22, 2017
    risk 0.67cvss 9.8epss 0.07

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL…

  • CVE-2016-2396CriFeb 17, 2016
    risk 0.65cvss 9.9epss 0.05

    The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.

  • CVE-2024-40765CriJan 9, 2025
    risk 0.64cvss 9.8epss 0.01

    An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

  • CVE-2024-40762CriJan 9, 2025
    risk 0.64cvss 9.8epss 0.01

    Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

  • CVE-2024-6387HigJul 1, 2024
    risk 0.64cvss 8.1epss 1.00

    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…

  • CVE-2016-2397CriFeb 17, 2016
    risk 0.64cvss 9.8epss 0.06

    The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.

  • CVE-2024-3596CriJul 9, 2024
    risk 0.60cvss 9.0epss 0.15

    RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

  • CVE-2024-12802CriJan 9, 2025
    risk 0.59cvss 9.1epss 0.00

    SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each…

  • CVE-2024-22397HigMar 14, 2024
    risk 0.54cvss 8.3epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.

  • CVE-2026-0204HigApr 29, 2026
    risk 0.52cvss 8.0epss 0.00

    A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

  • CVE-2024-53706HigJan 9, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.

  • CVE-2024-45316HigOct 11, 2024
    risk 0.51cvss 7.8epss 0.00

    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege…

  • CVE-2025-32818HigApr 23, 2025
    risk 0.49cvss 7.5epss 0.01

    A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

  • CVE-2024-53705HigJan 9, 2025
    risk 0.49cvss 7.5epss 0.01

    A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

  • CVE-2024-45317HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.

  • CVE-2024-29011HigMay 1, 2024
    risk 0.49cvss 7.5epss 0.01

    Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions.

  • CVE-2026-4116HigApr 9, 2026
    risk 0.47cvss 7.2epss 0.00

    Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.

  • CVE-2026-4113HigApr 9, 2026
    risk 0.47cvss 7.2epss 0.00

    An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.