1999 matches found
SonicWall SonicOS 7.0 - Open Redirect
SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations...
SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation
SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. id: CVE-2021-20021 info: name: SonicWall Email Security = 10.0.9.x - Unauthenticated Admin Account Creation author: pussycat0x severity: critical...
SonicWall GMS and Analytics Web Services - Shell Injection
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions id: CVE-2023-34124 info: name: SonicWall GMS and Analytics Web...
SonicWall GMS and Analytics - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...
SonicWall SMA1000 LFI
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. id: CVE-2023-0126 info: name: SonicWall SMA1000 LFI author: tess severity: high description...
Rapid7 MDR Team Discovers New SonicWall SMA1000 Zero Days being Actively Exploited (CVE-2026-15409, CVE-2026-15410)
Overview On July 14, 2026, SonicWall published a security advisory addressing two vulnerabilities affecting SMA1000 Series remote access appliances, including the critical server-side request forgery SSRF vulnerability CVE-2026-15409 CVSS 10.0 and the high-severity code injection vulnerability...
Zero-day vulnerabilities are exploited in SonicWall SMA1000 devices.
SonicWall has identified two vulnerabilities in the SonicWall SMA1000 appliance. The vulnerability with the identifier CVE-2026-15409 involves Server-Side Request Forgery SSRF in the Work Place interface, allowing an unauthorized attacker to send requests to the device to unintended locations. Th...
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access SMA 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 CVSS score: 10.0 - A Server-side...
CVE-2026-15409
creationtimestamp| type| source ---|---|--- 2026-07-14 17:48:47+00:00| seen| https://bsky.app/profile/blackhatnews.tokyo/post/3mqmrct2poa2b 2026-07-14 18:59:52+00:00| seen| https://bsky.app/profile/hapsis.bsky.social/post/3mqmvbuce4c2u 2026-07-14 19:00:30+00:00| exploited|...
CVE-2026-15410
creationtimestamp| type| source ---|---|--- 2026-07-14 17:48:47+00:00| seen| https://bsky.app/profile/blackhatnews.tokyo/post/3mqmrct2poa2b 2026-07-14 18:59:52+00:00| seen| https://bsky.app/profile/hapsis.bsky.social/post/3mqmvbuce4c2u 2026-07-14 20:00:01+00:00| exploited|...
PT-2026-58291
Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 series affected versions not specified Description A Server-side request forgery SSRF issue exists in the Work Place interface. This allows a remote unauthenticated attacker to force the appliance to send requests to unintend...
PT-2026-58292
Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 series appliances affected versions not specified Description A post-authentication improper control of code generation issue exists in the Appliance Management Console AMC. This flaw allows a remote authenticated attacker wi...
SonicWall SMA1000 Appliances Code Injection Vulnerability
SonicWall SMA1000 Appliances contain a code injection vulnerability which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...
SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's modcgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...
SonicWall SRA 4600 VPN - SQL Injection
The SonicWall SRA 4600 VPN appliance is susceptible to a pre-authentication SQL injection vulnerability. id: CVE-2019-7481 info: name: SonicWall SRA 4600 VPN - SQL Injection author: darrenmartyn severity: high description: The SonicWall SRA 4600 VPN appliance is susceptible to a pre-authenticatio...
SSL VPN Session Hijacking
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. id: CVE-2024-53704 info: name: SSL VPN Session Hijacking author: johnk3r severity: critical description: | An Improper Authentication vulnerability in the SSLVPN...
Exploit for Race Condition in Sonicwall Sma_6200_Firmware
CVE-2024-6387 CVE-2024-6387 POC Currently being edited...
VulnCheck KEV: CVE-2024-12802
SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN User Principal Name and SAM Security Account Manager account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and...
SonicWALL SonicOS 访问控制错误漏洞
SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWall SonicOS related to access control mechanisms. This vulnerability may allow certain management interfaces to be...
SonicWALL SonicOS 安全漏洞
SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWALL SonicOS, which stems from a path traversal issue after authentication. This vulnerability may allow attackers ...