Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SonicwallSma 410 Firmware*

18 matches found

CVE
CVEadded 2021/08/04 7:15 p.m.1004 views

CVE-2021-20028

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier

9.8CVSS9.8AI score0.86703EPSS
CVE
CVEadded 2021/09/27 6:15 p.m.157 views

CVE-2021-20035

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

6.8CVSS6.4AI score0.16762EPSS
CVE
CVEadded 2023/12/05 9:15 p.m.138 views

CVE-2023-44221

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

7.2CVSS7.1AI score0.47359EPSS
CVE
CVEadded 2021/09/27 6:15 p.m.117 views

CVE-2021-20034

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

9.1CVSS9.2AI score0.07211EPSS
CVE
CVEadded 2024/02/24 12:15 a.m.105 views

CVE-2024-22395

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.

6.3CVSS6AI score0.00416EPSS
CVE
CVEadded 2022/03/17 2:15 a.m.81 views

CVE-2022-22273

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlie...

9.8CVSS9.6AI score0.01481EPSS
CVE
CVEadded 2022/04/13 6:15 a.m.69 views

CVE-2022-22279

A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Acces...

4.9CVSS5.3AI score0.00596EPSS
CVE
CVEadded 2025/05/07 6:15 p.m.65 views

CVE-2025-32819

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

8.8CVSS8.5AI score0.00129EPSS
CVE
CVEadded 2025/05/07 6:15 p.m.61 views

CVE-2025-32820

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.

8.8CVSS8.3AI score0.00145EPSS
CVE
CVEadded 2022/08/26 9:15 p.m.60 views

CVE-2022-2915

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

8.8CVSS8.5AI score0.05856EPSS
CVE
CVEadded 2025/05/07 6:15 p.m.57 views

CVE-2025-32821

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.

7.2CVSS7.7AI score0.00076EPSS
CVE
CVEadded 2022/06/08 9:15 a.m.53 views

CVE-2022-1703

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.

9CVSS8.3AI score0.03093EPSS
CVE
CVEadded 2021/12/23 2:15 a.m.49 views

CVE-2021-20049

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

7.5CVSS7.6AI score0.00453EPSS
CVE
CVEadded 2021/12/23 2:15 a.m.48 views

CVE-2021-20050

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

7.5CVSS7.9AI score0.00217EPSS
CVE
CVEadded 2023/12/05 9:15 p.m.28 views

CVE-2023-5970

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

8.8CVSS8.4AI score0.00238EPSS
CVE
CVEadded 2025/07/23 3:15 p.m.13 views

CVE-2025-40598

A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.

6.1CVSS6.7AI score0.00068EPSS
CVE
CVEadded 2025/07/23 3:15 p.m.12 views

CVE-2025-40596

A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.

7.3CVSS7.6AI score0.00068EPSS
CVE
CVEadded 2025/07/23 3:15 p.m.12 views

CVE-2025-40597

A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.

7.5CVSS7.6AI score0.00068EPSS