11 matches found
CVE-2026-4112
Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...
CVE-2026-4116
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...
CVE-2026-4114
The CVE-2026-4114 issue affects SonicWall SMA1000 series appliances and is caused by improper handling of Unicode encoding, enabling a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. The Red Hat, NVD, and Nessus entries corroborate this vulnerability, and SonicWall PSIRT SNWL...
China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines
Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and...
VulnCheck KEV: CVE-2025-23006
SonicWall SMA1000 Appliance Management Console AMC and Central Management Console CMC contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands...
VulnCheck KEV: CVE-2021-20038
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution...
CVE-2021-20043
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances...
Sonicwall SMA100 授权问题漏洞
The SonicWall SMA100 is a secure access gateway appliance from SonicWALL USA. An authorization issue vulnerability exists in SonicWall SMA100 version 10.2.0.5 and prior versions, which can be exploited by an attacker to export a target profile to a specified email address...
PT-2019-18624 · Sonicwall · Sonicwall Sma100
Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 affected versions not specified Description: The issue is related to an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI, which allows users to test for the presence of a file on the server...
SonicWall SMA100 Buffer Overflow Vulnerability
The SonicWall SMA100 is a secure access gateway appliance from SonicWall USA. A buffer overflow vulnerability exists in the SonicWall SMA100. The vulnerability originates when a network system or product performs an operation on memory without properly validating data boundaries, resulting in an...
SonicWall SMA100 Code Injection Vulnerability
The SonicWall SMA100 is a secure access gateway appliance from SonicWall USA. A code injection vulnerability exists in SonicWall SMA100 version 9.0.0.4 and earlier. The vulnerability stems from the failure of a network system or product to properly filter specific elements of externally input dat...