Sma 200 Firmware@* Security Vulnerabilities and Issues — Sma 200 Firmware@* CVE List

Lucene search

SonicwallSma 200 Firmware*

12 matches found

CVE•added 2021/09/27 6:15 p.m.•133 views

CVE-2021-20035

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

6.8CVSS6.4AI score0.16762EPSS

CVE•added 2021/09/27 6:15 p.m.•117 views

CVE-2021-20034

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

9.1CVSS9.2AI score0.07211EPSS

CVE•added 2023/12/05 9:15 p.m.•114 views

CVE-2023-44221

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

7.2CVSS7.1AI score0.47359EPSS

CVE•added 2024/02/24 12:15 a.m.•104 views

CVE-2024-22395

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.

6.3CVSS6AI score0.00416EPSS

CVE•added 2022/03/17 2:15 a.m.•80 views

CVE-2022-22273

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlie...

9.8CVSS9.6AI score0.01481EPSS

CVE•added 2025/05/07 6:15 p.m.•63 views

CVE-2025-32819

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

8.8CVSS8.5AI score0.00129EPSS

CVE•added 2025/05/07 6:15 p.m.•60 views

CVE-2025-32820

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.

8.8CVSS8.3AI score0.00145EPSS

CVE•added 2022/08/26 9:15 p.m.•59 views

CVE-2022-2915

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

8.8CVSS8.5AI score0.05504EPSS

CVE•added 2025/05/07 6:15 p.m.•56 views

CVE-2025-32821

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.

7.2CVSS7.7AI score0.00076EPSS

CVE•added 2021/12/23 2:15 a.m.•48 views

CVE-2021-20049

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

7.5CVSS7.6AI score0.00453EPSS

CVE•added 2021/12/23 2:15 a.m.•47 views

CVE-2021-20050

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

7.5CVSS7.9AI score0.00217EPSS

CVE•added 2023/12/05 9:15 p.m.•27 views

CVE-2023-5970

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

8.8CVSS8.4AI score0.00238EPSS