CVE-2026-4112

Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...

VulnCheck KEV: CVE-2025-40602

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console AMC...

SonicWall SMA 1000 Series < 12.4.3-02963 SSRF (SNWLID-2025-0010)

The remote host is a SonicWall SMA 1000 Series device that may be affected by a server-side request forgery SSRF vulnerability. An SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cau...

SonicWall SMA 1000 Series < 12.4.3-02854 Pre-authentication Remote Command Execution (SNWLID-2025-0002)

The remote host is a SonicWall SMA 1000 Series device that may be affected by a pre-authentication remote command execution vulnerability: - Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Managemen...

The vulnerability of SonicWall SMA 1000 network firewall software lies in the redirection of URLs to unreliable websites, allowing attackers to redirect users to arbitrary URL addresses.

The vulnerability of SonicWall SMA 1000 network firewall microprogramming software relates to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirect users to any given URL address using a specially created link...