Product:

Sma_410_firmware

(Sonicwall)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 21
Date Id Summary Products Score Patch Annotated
2023-12-05 CVE-2023-44221 Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware 7.2
2021-02-04 CVE-2021-20016 A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. Sma_100_firmware, Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v 9.8
2021-08-04 CVE-2021-20028 Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier Sma_210_firmware, Sma_410_firmware, Sma_500v_firmware, Sra_1600_firmware, Sra_4600_firmware, Sra_va_firmware 9.8
2021-12-08 CVE-2021-20038 A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware 9.8
2024-02-24 CVE-2024-22395 Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application. Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware 6.3
2021-09-27 CVE-2021-20034 An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v 9.1
2021-09-27 CVE-2021-20035 Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v 6.5
2021-12-08 CVE-2021-20039 Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware 8.8
2021-12-08 CVE-2021-20040 A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware 7.5
2021-12-08 CVE-2021-20041 An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware 7.5