CVE-2024-53703
published 2024-12-05
Priority P2 59 · high · 8.1 CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 12.71% (95.8th percentile)
A vulnerability in the mod_httprp library, loaded by the Apache web server in SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions, allows remote attackers to cause a stack-based buffer overflow, potentially leading to code execution.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sma | — | — |
| sonicwall | sma100 | — | — |
| sonicwall | sma_200_firmware | < 10.2.1.14-75sv | 10.2.1.14-75sv |
| sonicwall | sma_210_firmware | < 10.2.1.14-75sv | 10.2.1.14-75sv |
| sonicwall | sma_400_firmware | < 10.2.1.14-75sv | 10.2.1.14-75sv |
| sonicwall | sma_410_firmware | < 10.2.1.14-75sv | 10.2.1.14-75sv |
| sonicwall | sma_500v_firmware | < 10.2.1.14-75sv | 10.2.1.14-75sv |
Detection & IOCs
- Target is the mod_httprp library loaded by the Apache web server on SonicWall SMA100 SSLVPN devices; monitor for anomalous or oversized requests to the Apache/mod_httprp handler on affected appliances.
- Stack-based buffer overflow triggered remotely; look for crash/core dumps or unexpected process restarts of the Apache web server process on SMA100 devices running firmware 10.2.1.13-72sv or earlier.
- Affected firmware versions are 10.2.1.13-72sv and earlier on SonicWall SMA100 SSLVPN; ensure detection/patching scope covers all devices running these versions.
GHSA
GHSA-9m9p-7xr9-44ff
ghsa_unreviewed · 2024-12-05
CVE-2024-53703 [HIGH] CWE-121
SonicWall
vendor_sonicwall · 2024-12-05 · CVSS 8.1
CVE-2024-53703 [HIGH] CWE-121
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-12-05