
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jul 2025 — Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012 • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012 • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2025 — An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 May 2025 — A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to an unintended location. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0010 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 7 • EXPL: 0

07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence to make any directory on the SMA appliance writable. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.0 • EPSS: 0% • CPEs: 7 • EXPL: 0

07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Apr 2025 — A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. • http://10.210.34.9/vuln-detail/SNWLID-2025-0008 • CWE-918: Server-Side Request Forgery (SSRF) •