cvebase

Sonicwall Sma 210 Firmware vulnerabilities

34 known vulnerabilities affecting sonicwall/sma_210_firmware.

Total CVEs: 34
CISA KEV: 5 (actively exploited)
Public exploits: 5
Exploited in wild: 11
Severity breakdown: CRITICAL 8, HIGH 19, MEDIUM 7

Vulnerabilities

Page 2 of 2
CVE-2025-32821 | P3 | HIGH | CVSS 7.2 | fixed in 10.2.1.15-81sv | 2025-05-07
CVE-2025-32821 [HIGH] CWE-78: A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance.
nvd
CVE-2021-20042 | P2 | CRITICAL | CVSS 9.8 | v9.0.0.11-31sv, v10.2.0.8-37sv +1 more | 2021-12-08
CVE-2021-20042 [CRITICAL] CWE-441: An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
nvd
CVE-2024-53703 | P2 | HIGH | CVSS 8.1 | fixed in 10.2.1.14-75sv | 2024-12-05
CVE-2024-53703 [HIGH] CWE-121: A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause a stack-based buffer overflow and potentially lead to code execution.
nvd
CVE-2025-32820 | P3 | HIGH | CVSS 8.8 | fixed in 10.2.1.15-81sv | 2025-05-07
CVE-2025-32820 [HIGH] CWE-22: A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence to make any directory on the SMA appliance writable.
nvd
CVE-2021-20041 | P3 | HIGH | CVSS 7.5 | v9.0.0.11-31sv, v10.2.0.8-37sv +1 more | 2021-12-08
CVE-2021-20041 [HIGH] CWE-835: An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
nvd
CVE-2025-40598 | P3 | MEDIUM | CVSS 6.1 | fixed in 10.2.2.1-90sv | 2025-07-23
CVE-2025-40598 [MEDIUM] CWE-79: A reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.
nvd
CVE-2021-20049 | P3 | HIGH | CVSS 7.5 | fixed in 10.0.0.0, v10.2.0.8-37sv +1 more | 2021-12-23
CVE-2021-20049 [HIGH] CWE-204: A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
nvd
CVE-2024-45318 | P3 | HIGH | CVSS 8.1 | fixed in 10.2.1.14-75sv | 2024-12-05
CVE-2024-45318 [HIGH] CWE-121: A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause a stack-based buffer overflow and potentially lead to code execution.
nvd
CVE-2024-40763 | P3 | HIGH | CVSS 7.5 | fixed in 10.2.1.14-75sv | 2024-12-05
CVE-2024-40763 [HIGH] CWE-122: Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause a heap-based buffer overflow and potentially lead to code execution.
nvd
CVE-2021-20050 | P3 | HIGH | CVSS 7.5 | fixed in 10.0.0.0, v10.2.0.8-37sv +1 more | 2021-12-23
CVE-2021-20050 [HIGH] CWE-284: An improper access control vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration metadata.
nvd
CVE-2024-45319 | P3 | MEDIUM | CVSS 6.3 | fixed in 10.2.1.14-75sv | 2024-12-05
CVE-2024-45319 [MEDIUM] CWE-798: A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker to circumvent the certificate requirement during authentication.
nvd
CVE-2024-22395 | P3 | MEDIUM | CVSS 6.3 | fixed in 10.2.1.11-65sv | 2024-02-24
CVE-2024-22395 [MEDIUM] CWE-287: An improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
nvd
CVE-2024-53702 | P4 | MEDIUM | CVSS 5.3 | fixed in 10.2.1.14-75sv | 2024-12-05
CVE-2024-53702 [MEDIUM] CWE-338: Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.
nvd
CVE-2025-40603 | P4 | MEDIUM | CVSS 4.5 | fixed in 10.2.2.3 | 2025-10-31
CVE-2025-40603 [MEDIUM] CWE-532: A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions, to view partial user credential data.
nvd