Sonicwall Sma1000 Firmware vulnerabilities

5 known vulnerabilities affecting sonicwall/sma1000_firmware.

Total CVEs

5

CISA KEV

1

actively exploited

Public exploits

2

Exploited in wild

1

Severity breakdown

HIGH5

Vulnerabilities

Page 1 of 1

CVE-2025-2170HIGHCVSS 7.2fixed in 12.4.3-029252025-04-30

CVE-2025-2170 [HIGH] CWE-918 CVE-2025-2170: A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.

CVE-2023-0126HIGHCVSS 7.5PoCv12.4.22023-01-19

CVE-2023-0126 [HIGH] CWE-22 CVE-2023-0126: Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.

CVE-2022-0847HIGHCVSS 7.8KEVPoC≤ 12.4.2-020442022-03-10

CVE-2022-0847 [HIGH] CWE-665 CVE-2022-0847: A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper i A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate thei

CVE-2021-33909HIGHCVSS 7.8≤ 12.4.2-020442021-07-20

CVE-2021-33909 [HIGH] CWE-190 CVE-2021-33909: fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq b fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

CVE-2020-5129HIGHCVSS 7.5≤ 12.1.0-064112020-03-26

CVE-2020-5129 [HIGH] CWE-248 CVE-2020-5129: A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attac A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.