CVE-2022-1702 — Open Redirect in Sma1000

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 57.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall Sma1000 Sonicwall SMA 6200 Firmware Sonicwall SMA 6210 Firmware +3 more

Timeline

PublishedMay 13

Latest updateMay 14

Description

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

▶CVEListV5sonicwall/sonicwall_sma100012.4.0, 12.4.1+1

▶NVDsonicwall/sma_6200_firmware12.4.0, 12.4.1+1

▶NVDsonicwall/sma_6210_firmware12.4.0, 12.4.1+1

▶NVDsonicwall/sma_7200_firmware12.4.0, 12.4.1+1

▶NVDsonicwall/sma_7210_firmware12.4.0, 12.4.1+1

🔴Vulnerability Details

GHSA

GHSA-j8g9-739h-g466: SonicWall SMA1000 series firmware 12↗2022-05-14

▶

CVEList

CVE-2022-1702: SonicWall SMA1000 series firmware 12↗2022-05-13

▶