Sonicwall Sma100 vulnerabilities
26 known vulnerabilities affecting sonicwall/sma100.
Total CVEs
26
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
8
Severity breakdown
CRITICAL2HIGH16MEDIUM8
Vulnerabilities
Page 2 of 2
CVE-2019-7484P3MEDIUMCVSS 6.5v9.0.0.3 and earlier2019-12-19
CVE-2019-7484 [MEDIUM] CWE-89 CVE-2019-7484: Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized
Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
nvd
CVE-2024-22395P3MEDIUMCVSS 6.3v10.2.1.10-62sv and earlier versions2024-02-24
CVE-2024-22395 [MEDIUM] CWE-287 CVE-2024-22395: Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office porta
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
nvd
CVE-2020-5132P4MEDIUMCVSS 5.3vSMA100 10.2.0.2-20sv2020-09-30
CVE-2020-5132 [MEDIUM] CWE-200 CVE-2020-5132: SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of
nvd
CVE-2024-53702P4MEDIUMCVSS 5.3v10.2.1.13-72sv and earlier versions2024-12-05
CVE-2024-53702 [MEDIUM] CWE-338 CVE-2024-53702: Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall S
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.
nvd
CVE-2021-20018P4MEDIUMCVSS 4.9v10.2.0.5 and earlier2021-03-13
CVE-2021-20018 [MEDIUM] CWE-200 CVE-2021-20018: A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuratio
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
nvd
CVE-2025-40603P4MEDIUMCVSS 4.5v10.2.2.2-92sv and earlier versions2025-10-31
CVE-2025-40603 [MEDIUM] CWE-532 CVE-2025-40603: A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may
A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.
nvd
← Previous2 / 2