39 matches found
EUVD-2026-20908
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...
PT-2026-31397
Name of the Vulnerable Software and Affected Versions: SonicWall SMA1000 series appliances (affected versions not specified). Description: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP...
SonicWall SMA 1000 Series <= 12.4.3-03093 / 12.5.x <= 12.5.0-02283 Local Privilege Escalation (SNWLID-2025-0019)
The remote host is a SonicWall SMA 1000 Series device that may be affected by a local privilege escalation vulnerability: - A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). (CVE-2025-40602) Note that Nessus has n...
SonicWall Secure Mobile Access < 10.2.2.1-90sv (SNWLID-2025-0012)
The version of SonicWall Secure Mobile Access installed on the remote host is prior to 10.2.2.1-90sv. It is, therefore, affected by multiple vulnerabilities as referenced in the SNWLID-2025-0012 advisory: - A reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web...
SonicWALL SMA Code Issue Vulnerability
SonicWALL SMA is a security protection product for enterprise management security access applications from SonicWALL USA. A code issue vulnerability exists in the SonicWall SMA 100 that originates from an arbitrary file upload after authentication and could lead to remote code execution...
CVE-2022-22273
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier...
CVE-2022-22279
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access...
SonicWall SMA1000 Cross-Site Request Forgery Vulnerability
The SonicWALL SMA1000 is a series of secure mobile access solutions from SonicWALL, Inc. that simplifies end-to-end secure remote access to enterprise resources hosted across local, cloud and hybrid data centers. The SonicWALL SMA1000 suffers from a cross-site request forgery vulnerability that stems...
SonicWALL SMA1000 Code Issue Vulnerability
The SonicWALL SMA1000 is a series of secure mobile access solutions from SonicWALL, Inc. that simplifies end-to-end secure remote access to enterprise resources hosted across local, cloud and hybrid data centers. The SonicWALL SMA1000 suffers from a cross-site request forgery vulnerability that stems...
SonicWall Secure Mobile Access DoS (SNWLID-2021-0022)
The version of SonicWall Secure Mobile Access installed on the remote host is prior to 9.0.0.11-31sv, or 10.2.1 prior to 10.2.1.1-19sv. It is, therefore, affected by a vulnerability as referenced in the SNWLID-2021-0022 advisory: - Improper neutralization of special elements in the SMA100...
SonicWall Secure Mobile Access < 10.2.1.10-62sv (SNWLID-2023-0018)
The version of SonicWall Secure Mobile Access installed on the remote host is prior to 10.2.1.10-62sv. It is, therefore, affected by multiple vulnerabilities as referenced in the SNWLID-2023-0018 advisory: - Improper neutralization of special elements in the SMA100 SSL-VPN management interface...
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring...
SonicWALL SMA1000 Code Issue Vulnerability
SonicWALL SMA1000 is a family of secure mobile access solutions from SonicWALL, Inc. that simplify end-to-end secure remote access to enterprise resources hosted across local, cloud and hybrid data centers. A security vulnerability exists in the SonicWALL SMA1000. An attacker exploiting this...
SonicWall Secure Mobile Access < 10.2.1.14-75sv (SNWLID-2024-0018)
The version of SonicWall Secure Mobile Access installed on the remote host is prior to 10.2.1.14-75sv. It is, therefore, affected by a vulnerability as referenced in the SNWLID-2024-0018 advisory. - Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an...
SonicWALL Connect Tunnel Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Secure...
VulnCheck KEV: CVE-2022-22279
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile...
CVE-2022-22279
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access...
CVE-2022-22279
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED: A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions...
CVE-2022-22279
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access...