Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sma_410_firmware
(Sonicwall)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-12-08 | CVE-2021-20043 | A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 8.8 | ||
| 2021-12-08 | CVE-2021-20044 | A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 8.8 | ||
| 2021-12-08 | CVE-2021-20045 | A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 9.8 | ||
| 2021-12-23 | CVE-2021-20049 | A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. | Sma_100_firmware, Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 7.5 | ||
| 2021-12-23 | CVE-2021-20050 | An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. | Sma_100_firmware, Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 7.5 | ||
| 2022-03-17 | CVE-2022-22273 | Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware, Sra_1200_firmware, Sra_1600_firmware, Sra_4200_firmware, Sra_4600_firmware | 9.8 | ||
| 2022-04-13 | CVE-2022-22279 | A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions | Sma_210_firmware, Sma_410_firmware, Sma_500v_firmware, Sra_1200_firmware, Sra_4200_firmware | 4.9 | ||
| 2022-06-08 | CVE-2022-1703 | Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | Sma_210_firmware, Sma_410_firmware, Sma_500v_firmware | 8.8 | ||
| 2022-08-26 | CVE-2022-2915 | A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 8.8 | ||
| 2023-12-05 | CVE-2023-5970 | Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 8.8 |