CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2025-32821
https://notcve.org/view.php?id=CVE-2025-32821
07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-32820
https://notcve.org/view.php?id=CVE-2025-32820
07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-32819
https://notcve.org/view.php?id=CVE-2025-32819
07 May 2025 — A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2021-20050
https://notcve.org/view.php?id=CVE-2021-20050
23 Dec 2021 — An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. Una vulnerabilidad de control de acceso inapropiado en la serie SMA100 conlleva a que varias API de administración restringidas sean accesibles sin un inicio de sesión de usuario, exponiendo potencialmente los metadatos de configuración • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2021-20049
https://notcve.org/view.php?id=CVE-2021-20049
23 Dec 2021 — A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. Una vulnerabilidad en la API de cambio de contraseña de SonicWall SMA100, permite a un atacante remoto no autenticado llevar a cabo una enumeración de nombres de usuario de SMA100 basándose en las respuestas del servidor. Esta vulnerabilidad afecta a las version... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030 • CWE-203: Observable Discrepancy CWE-204: Observable Response Discrepancy •
CVSS: 9.8EPSS: 80%CPEs: 11EXPL: 0CVE-2021-20016 – SonicWall SSLVPN SMA100 SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-20016
03 Feb 2021 — A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. Una vulnerabilidad de inyección de SQL en el producto SonicWall SSLVPN SMA100, permite a un atacante remoto no autenticado llevar a cabo una consulta SQL para acceder a la contraseña del nombre de usuario y otra información relacionada con la sesión. Esta... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2020-5146
https://notcve.org/view.php?id=CVE-2020-5146
09 Jan 2021 — A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier. Una vulnerabilidad en el dispositivo SonicWall SMA100, permite a un usuario de administración autenticado llevar a cabo una inyección de comandos del Sistema Operativo usando parámetros HTTP POST. Esta vulnerabilidad afectó a SMA100 Appliance versiones 10.2.0.2-20sv y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0022 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-7485
https://notcve.org/view.php?id=CVE-2019-7485
19 Dec 2019 — Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. Un desbordamiento de búfer en SonicWall SMA100, permite a un usuario autenticado ejecutar código arbitrario en el script DEARegister CGI. Esta vulnerabilidad impactó a SMA100 versión 9.0.0.3 y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0020 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-7484
https://notcve.org/view.php?id=CVE-2019-7484
19 Dec 2019 — Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. Una inyección SQL autenticada en SonicWall SMA100, permite al usuario conseguir acceso de solo lectura a recursos no autorizados utilizando el script viewcacert CGI. Esta vulnerabilidad impactó a SMA100 versión 9.0.0.3 y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-7486
https://notcve.org/view.php?id=CVE-2019-7486
19 Dec 2019 — Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier. Una inyección de código en SonicWall SMA100, permite a un usuario autenticado ejecutar código arbitrario en el script viewcacert CGI. Esta vulnerabilidad impactó a SMA100 versión 9.0.0.4 y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0021 • CWE-94: Improper Control of Generation of Code ('Code Injection') •