cbcvebase.

Sonicwall Sma100 vulnerabilities

26 known vulnerabilities affecting sonicwall/sma100.

Total CVEs
26
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
8
Severity breakdown
CRITICAL2HIGH16MEDIUM8

Vulnerabilities

Page 1 of 2
CVE-2019-7481P1HIGHCVSS 7.5KEVPoCRansomwarev9.0.0.3 and earlier2019-12-17
CVE-2019-7481 [HIGH] CWE-89 CVE-2019-7481: Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorize Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier.
nvd
CVE-2023-44221P1HIGHCVSS 7.2KEVPoCv10.2.1.9-57sv and earlier versions2023-12-05
CVE-2023-44221 [HIGH] CWE-78 CVE-2023-44221: Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remo Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
nvd
CVE-2019-7483P2HIGHCVSS 7.5KEVv9.0.0.3 and earlier2019-12-19
CVE-2019-7483 [HIGH] CWE-22 CVE-2019-7483: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect C In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
nvd
CVE-2021-20035P2MEDIUMCVSS 6.5KEVv9.0.0.10-28sv and earlierv10.2.0.7-34sv and earlier+1 more2021-09-27
CVE-2021-20035 [MEDIUM] CWE-78 CVE-2021-20035: Improper neutralization of special elements in the SMA100 management interface allows a remote authe Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
nvd
CVE-2022-1703P1HIGHCVSS 8.8Exploitedv10.2.1.4-31sv and earlierv10.2.0.9-41sv and earlier2022-06-08
CVE-2022-1703 [HIGH] CWE-78 CVE-2022-1703: Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interf Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
nvd
CVE-2025-32819P2HIGHCVSS 8.8Exploitedv10.2.1.14-75sv and earlier versions2025-05-07
CVE-2025-32819 [HIGH] CWE-552 CVE-2025-32819: A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypa A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
nvd
CVE-2023-5970P2HIGHCVSS 8.8Exploitedv10.2.1.9-57sv and earlier versions2023-12-05
CVE-2023-5970 [HIGH] CWE-287 CVE-2023-5970: Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated at Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
nvd
CVE-2021-20034P1CRITICALCVSS 9.1PoCv9.0.0.10-28sv and earlierv10.2.0.7-34sv and earlier+1 more2021-09-27
CVE-2021-20034 [CRITICAL] CWE-284 CVE-2021-20034: An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypas An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
nvd
CVE-2022-2915P2HIGHCVSS 8.8Exploitedv10.2.1.5-34sv and earlier2022-08-26
CVE-2022-2915 [HIGH] CWE-122 CVE-2022-2915: A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authent A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.
nvd
CVE-2019-7482P2CRITICALCVSS 9.8v9.0.0.3 and earlier2019-12-19
CVE-2019-7482 [CRITICAL] CWE-121 CVE-2019-7482: Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
nvd
CVE-2025-32821P3HIGHCVSS 7.2v10.2.1.14-75sv and earlier versions2025-05-07
CVE-2025-32821 [HIGH] CWE-78 CVE-2025-32821: A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can wi A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.
nvd
CVE-2024-53703P2HIGHCVSS 8.1v10.2.1.13-72sv and earlier versions2024-12-05
CVE-2024-53703 [HIGH] CWE-121 CVE-2024-53703: A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_http A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
nvd
CVE-2021-20017P3HIGHCVSS 8.8v10.2.0.5 and earlier2021-03-13
CVE-2021-20017 [HIGH] CWE-78 CVE-2021-20017: A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated att A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
nvd
CVE-2025-32820P3HIGHCVSS 8.8v10.2.1.14-75sv and earlier versions2025-05-07
CVE-2025-32820 [HIGH] CWE-22 CVE-2025-32820: A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inj A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.
nvd
CVE-2019-7486P3HIGHCVSS 8.8v9.0.0.4 and earlier2019-12-19
CVE-2019-7486 [HIGH] CWE-94 CVE-2019-7486: Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcac Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.
nvd
CVE-2019-7485P3HIGHCVSS 8.8v9.0.0.3 and earlier2019-12-19
CVE-2019-7485 [HIGH] CWE-120 CVE-2019-7485: Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEAReg Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
nvd
CVE-2024-45318P3HIGHCVSS 8.1v10.2.1.13-72sv and earlier versions2024-12-05
CVE-2024-45318 [HIGH] CWE-121 CVE-2024-45318: A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to c A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
nvd
CVE-2020-5146P3HIGHCVSS 7.2v10.2.0.2-20sv and earlier2021-01-09
CVE-2020-5146 [HIGH] CWE-78 CVE-2020-5146: A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS c A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.
nvd
CVE-2024-40763P3HIGHCVSS 7.5v10.2.1.13-72sv and earlier versions2024-12-05
CVE-2024-40763 [HIGH] CWE-122 CVE-2024-40763: Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. Th Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.
nvd
CVE-2024-45319P3MEDIUMCVSS 6.3v10.2.1.13-72sv and earlier versions2024-12-05
CVE-2024-45319 [MEDIUM] CWE-798 CVE-2024-45319: A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.
nvd
Sonicwall Sma100 vulnerabilities | cvebase