cvebase

SonicWall SMA6200 Firmware vulnerabilities

6 known vulnerabilities affecting sonicwall/sma6200_firmware.

Total CVEs: 6
CISA KEV: 2 (actively exploited)
Public exploits: 0
Exploited in wild: 2
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2025-23006 | P1 | CRITICAL | CVSS 9.8 | KEV | Ransomware | fixed in 12.4.3-02854 | 2025-01-23
CWE-502: Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
nvd
CVE-2025-40602 | P1 | MEDIUM | CVSS 6.6 | KEV | Ransomware | fixed in 12.4.3-03245 | ≥ 12.5.0, < 12.5.0-02283 | 2025-12-18
CWE-250: A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
nvd
CVE-2026-4116 | P3 | HIGH | CVSS 7.2 | fixed in 12.4.3-03387 | ≥ 12.5.0, < 12.5.0-02624 | 2026-04-09
CWE-176: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.
nvd
CVE-2026-4112 | P3 | HIGH | CVSS 7.2 | fixed in 12.4.3-03387 | ≥ 12.5.0, < 12.5.0-02624 | 2026-04-09
CWE-89: Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
nvd
CVE-2026-4113 | P3 | HIGH | CVSS 7.2 | fixed in 12.4.3-03387 | ≥ 12.5.0, < 12.5.0-02624 | 2026-04-09
CWE-204: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
nvd
CVE-2026-4114 | P3 | MEDIUM | CVSS 6.6 | fixed in 12.4.3-03387 | ≥ 12.5.0, < 12.5.0-02624 | 2026-04-09
CWE-176: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.
nvd