Lucene search
K

11 matches found

NVD
NVD
added 2026/04/09 3:16 p.m.3 views

CVE-2026-4112

Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...

7.2CVSS0.00613EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:27 p.m.3 views

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

7.1AI score0.00417EPSS
Exploits0References2
CVE
CVE
added 2026/04/09 2:25 p.m.12 views

CVE-2026-4114

The CVE-2026-4114 issue affects SonicWall SMA1000 series appliances and is caused by improper handling of Unicode encoding, enabling a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. The Red Hat, NVD, and Nessus entries corroborate this vulnerability, and SonicWall PSIRT SNWL...

6.6CVSS7.1AI score0.00597EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2026/01/09 5:43 p.m.19 views

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and...

9.3CVSS8.7AI score0.01676EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-23006

SonicWall SMA1000 Appliance Management Console AMC and Central Management Console CMC contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands...

9.8CVSS7.5AI score0.23432EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/01/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-20038

SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution...

9.8CVSS7.9AI score0.99912EPSS
Exploits7References1
OSV
OSV
added 2021/12/08 10:15 a.m.3 views

CVE-2021-20043

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances...

8.8CVSS7.7AI score
Exploits0References1
CNNVD
CNNVD
added 2021/03/12 12:0 a.m.5 views

Sonicwall SMA100 授权问题漏洞

The SonicWall SMA100 is a secure access gateway appliance from SonicWALL USA. An authorization issue vulnerability exists in SonicWall SMA100 version 10.2.0.5 and prior versions, which can be exploited by an attacker to export a target profile to a specified email address...

4.9CVSS5.6AI score0.00673EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/12/19 12:0 a.m.5 views

PT-2019-18624 · Sonicwall · Sonicwall Sma100

Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 affected versions not specified Description: The issue is related to an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI, which allows users to test for the presence of a file on the server...

7.5CVSS6.6AI score0.03977EPSS
Exploits0References3
CNVD
CNVD
added 2019/12/19 12:0 a.m.4 views

SonicWall SMA100 Buffer Overflow Vulnerability

The SonicWall SMA100 is a secure access gateway appliance from SonicWall USA. A buffer overflow vulnerability exists in the SonicWall SMA100. The vulnerability originates when a network system or product performs an operation on memory without properly validating data boundaries, resulting in an...

9.8CVSS7.4AI score0.08817EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/18 12:0 a.m.3 views

SonicWall SMA100 Code Injection Vulnerability

The SonicWall SMA100 is a secure access gateway appliance from SonicWall USA. A code injection vulnerability exists in SonicWall SMA100 version 9.0.0.4 and earlier. The vulnerability stems from the failure of a network system or product to properly filter specific elements of externally input dat...

8.8CVSS7.7AI score0.01582EPSS
Exploits0References1
Rows per page
Query Builder