CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2025-32821
https://notcve.org/view.php?id=CVE-2025-32821
07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-32820
https://notcve.org/view.php?id=CVE-2025-32820
07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-32819
https://notcve.org/view.php?id=CVE-2025-32819
07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2170
https://notcve.org/view.php?id=CVE-2025-2170
30 Apr 2025 — A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. • http://10.210.34.9/vuln-detail/SNWLID-2025-0008 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 49%CPEs: 9EXPL: 0CVE-2025-23006 – SonicWall SMA1000 Appliances Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2025-23006
23 Jan 2025 — Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. Se ha identificado una vulnerabilidad de deserialización de datos no confiables antes de la autenticación en SMA1000 Appliance Management Console (AMC) y Central Management Console (CMC), que en condiciones específi... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2024-53703
https://notcve.org/view.php?id=CVE-2024-53703
05 Dec 2024 — A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. • https://github.com/scrt/cve-2024-53703-poc • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53702
https://notcve.org/view.php?id=CVE-2024-53702
05 Dec 2024 — Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45318
https://notcve.org/view.php?id=CVE-2024-45318
05 Dec 2024 — A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40763
https://notcve.org/view.php?id=CVE-2024-40763
05 Dec 2024 — Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45317
https://notcve.org/view.php?id=CVE-2024-45317
11 Oct 2024 — A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 • CWE-918: Server-Side Request Forgery (SSRF) •