cbcvebase.

Sonicwall Sma 200 Firmware vulnerabilities

26 known vulnerabilities affecting sonicwall/sma_200_firmware.

Total CVEs
26
CISA KEV
4
actively exploited
Public exploits
5
Exploited in wild
8
Severity breakdown
CRITICAL6HIGH16MEDIUM4

Vulnerabilities

Page 2 of 2
CVE-2024-45318P3HIGHCVSS 8.1fixed in 10.2.1.14-75sv2024-12-05
CVE-2024-45318 [HIGH] CWE-121 CVE-2024-45318: A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to c A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
nvd
CVE-2024-40763P3HIGHCVSS 7.5fixed in 10.2.1.14-75sv2024-12-05
CVE-2024-40763 [HIGH] CWE-122 CVE-2024-40763: Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. Th Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.
nvd
CVE-2021-20050P3HIGHCVSS 7.5fixed in 10.0.0.0v10.2.0.8-37sv+1 more2021-12-23
CVE-2021-20050 [HIGH] CWE-284 CVE-2021-20050: An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted managemen An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
nvd
CVE-2024-45319P3MEDIUMCVSS 6.3fixed in 10.2.1.14-75sv2024-12-05
CVE-2024-45319 [MEDIUM] CWE-798 CVE-2024-45319: A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.
nvd
CVE-2024-22395P3MEDIUMCVSS 6.3fixed in 10.2.1.11-65sv2024-02-24
CVE-2024-22395 [MEDIUM] CWE-287 CVE-2024-22395: Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office porta Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
nvd
CVE-2024-53702P4MEDIUMCVSS 5.3fixed in 10.2.1.14-75sv2024-12-05
CVE-2024-53702 [MEDIUM] CWE-338 CVE-2024-53702: Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall S Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.
nvd
Sonicwall Sma 200 Firmware vulnerabilities | cvebase