Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): SMA100
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
- CPE Vendor: cpe:/:sonicwall
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-5970 |
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. Published: December 05, 2023; 4:15:07 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-44221 |
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. Published: December 05, 2023; 4:15:07 PM -0500 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-0126 |
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. Published: January 19, 2023; 3:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-2915 |
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. Published: August 26, 2022; 5:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-1703 |
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. Published: June 08, 2022; 5:15:08 AM -0400 |
V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2022-22282 |
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. Published: May 13, 2022; 4:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-1702 |
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. Published: May 13, 2022; 4:15:07 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2022-1701 |
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. Published: May 13, 2022; 4:15:07 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-20050 |
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. Published: December 22, 2021; 9:15:06 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-20049 |
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. Published: December 22, 2021; 9:15:06 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-20045 |
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Published: December 08, 2021; 5:15:08 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-20044 |
A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Published: December 08, 2021; 5:15:08 AM -0500 |
V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2021-20043 |
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Published: December 08, 2021; 5:15:08 AM -0500 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-20041 |
An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Published: December 08, 2021; 5:15:08 AM -0500 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2021-20040 |
A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Published: December 08, 2021; 5:15:07 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-20039 |
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Published: December 08, 2021; 5:15:07 AM -0500 |
V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2021-20038 |
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. Published: December 08, 2021; 5:15:07 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-20035 |
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. Published: September 27, 2021; 2:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2021-20034 |
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. Published: September 27, 2021; 2:15:08 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2021-20018 |
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. Published: March 12, 2021; 9:15:12 PM -0500 |
V3.1: 4.9 MEDIUM V2.0: 4.0 MEDIUM |