CVE-2019-7483
published 2019-12-19CVE-2019-7483: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on…
PriorityP278high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-04-18
Exploited in the wild
EPSS
3.98%
89.2th percentile
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sma | — | — |
| sonicwall | sma100 | — | — |
| sonicwall | sma_100_firmware | < 9.0.0.4 | 9.0.0.4 |
Detection & IOCsextracted from sources · hover to see the quote
- →Target the handleWAFRedirect CGI endpoint for directory traversal attempts on SonicWall SMA100 devices; unauthenticated requests probing this endpoint for file presence are indicative of exploitation. ↗
- ·Vulnerability is unauthenticated, meaning no credentials are required to exploit it; any unauthenticated request to the handleWAFRedirect CGI with traversal sequences should be treated as suspicious. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
cisa7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
SonicWall SMA100 Directory Traversal Vulnerability
cisa·2022-03-28·CVSS 7.5
CVE-2019-7483 [HIGH] CWE-22 SonicWall SMA100 Directory Traversal Vulnerability
Vulnerability: SonicWall SMA100 Directory Traversal Vulnerability
Affected: SonicWall SMA100
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-7483
Remediation Due Date: 2022-04-18
SonicWall
CVE-2019-7483: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a f
vendor_sonicwall·2019-12-19·CVSS 7.5
CVE-2019-7483 [HIGH] CWE-22 CVE-2019-7483: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a f
CVE-2019-7483: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
GHSA
GHSA-xxfj-h999-8mjj: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a f
ghsa_unreviewed·2022-05-24
CVE-2019-7483 [MEDIUM] CWE-22 GHSA-xxfj-h999-8mjj: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a f
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
VulnCheck
SonicWall SMA100 Directory Traversal Vulnerability
vulncheck·2019·CVSS 7.5
CVE-2019-7483 [HIGH] CWE-22 SonicWall SMA100 Directory Traversal Vulnerability
SonicWall SMA100 Directory Traversal Vulnerability
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
Affected: SonicWall SMA100
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.theregister.com/2023/03/09/suspected_chinese_cyberspies_target_uppatched/
Remediation Due: 2022-04-18
No detection rules found.
No public exploits indexed.
Tenable
Exploitation of CVE-2025-40602 chained with CVE-2025-23006
blogs_tenable·2025-12-17·CVSS 9.8
[CRITICAL] Exploitation of CVE-2025-40602 chained with CVE-2025-23006
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Reportedly Exploited
blogs_tenable·2025-01-23·CVSS 9.8
[CRITICAL] CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Reportedly Exploited
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2019-12-19
Published
2022-03-28
Added to CISA KEV
Exploited in the wild