Sonicwall Sma1000 vulnerabilities

4 known vulnerabilities affecting sonicwall/sonicwall_sma1000.

Total CVEs

4

CISA KEV

0

Public exploits

1

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2023-0126HIGHCVSS 7.5PoCv12.4.22023-01-19

CVE-2023-0126 [HIGH] CWE-22 CVE-2023-0126: Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.

CVE-2022-22282CRITICALCVSS 9.8v12.4.0v12.4.12022-05-13

CVE-2022-22282 [CRITICAL] CWE-284 CVE-2022-22282: SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts ac SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.

CVE-2022-1701HIGHCVSS 7.5v12.4.0v12.4.12022-05-13

CVE-2022-1701 [HIGH] CWE-321 CVE-2022-1701: SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-c SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

CVE-2022-1702MEDIUMCVSS 6.1v12.4.0v12.4.12022-05-13

CVE-2022-1702 [MEDIUM] CWE-601 CVE-2022-1702: SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.