Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sma_500v_firmware
(Sonicwall)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-05 | CVE-2023-44221 | Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 7.2 | ||
| 2021-08-04 | CVE-2021-20028 | Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier | Sma_210_firmware, Sma_410_firmware, Sma_500v_firmware, Sra_1600_firmware, Sra_4600_firmware, Sra_va_firmware | 9.8 | ||
| 2021-12-08 | CVE-2021-20038 | A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 9.8 | ||
| 2024-02-24 | CVE-2024-22395 | Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 6.3 | ||
| 2021-12-08 | CVE-2021-20039 | Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 8.8 | ||
| 2021-12-08 | CVE-2021-20040 | A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 7.5 | ||
| 2021-12-08 | CVE-2021-20041 | An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 7.5 | ||
| 2021-12-08 | CVE-2021-20042 | An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | Sma_200_firmware, Sma_210_firmware, Sma_400_firmware, Sma_410_firmware, Sma_500v_firmware | 9.8 |