CVE-2019-7485 — Classic Buffer Overflow in SMA 100 Firmware

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 29.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall SMA 100 Firmware Sonicwall Sma100

Timeline

PublishedDec 19

Latest updateMay 24

Description

Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsonicwall/sma_100_firmware9.0.0.3

▶CVEListV5sonicwall/sma1009.0.0.3 and earlier

🔴Vulnerability Details

GHSA

GHSA-28f6-647f-xq87: Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script↗2022-05-24

▶

CVEList

CVE-2019-7485: Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script↗2019-12-19

▶