threat
engine
.sh
Back
·
··:··
Home
/
Product
/
sonicwall sma 100 firmware
Product
sonicwall sma 100 firmware
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-32821
< 10.2.1.15-81sv
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject
7.2
HIGH
CVE-2025-32820
< 10.2.1.15-81sv
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence
8.8
HIGH
CVE-2025-32819
< 10.2.1.15-81sv
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks a
8.8
HIGH
CVE-2021-20050
< 10.0.0.0
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible withou
7.5
HIGH
CVE-2021-20049
< 10.0.0.0
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumer
7.5
HIGH
CVE-2021-3450
< 10.2.1.0-17sv
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not
7.4
HIGH
CVE-2021-3449
>= 10.2.0.0 and < 10.2.1.0-17sv
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego
5.9
MEDIUM
CVE-2021-20018
<= 10.2.0.5
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email
4.9
MEDIUM
CVE-2021-20017
<= 10.2.0.5
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands a
8.8
HIGH
CVE-2021-20016
>= 10.0.0.0 and < 10.2.0.5-d-29sv
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query
9.8
CRITICAL
CVE-2020-5146
<= 10.2.0.2-20sv
A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP PO
7.2
HIGH
CVE-2020-5132
all versions
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name
5.3
MEDIUM
CVE-2019-7486
<= 9.0.0.4
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerabi
8.8
HIGH
CVE-2019-7485
<= 9.0.0.3
Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnera
8.8
HIGH
CVE-2019-7484
<= 9.0.0.3
Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI
6.5
MEDIUM
CVE-2019-7483
< 9.0.0.4
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for
7.5
HIGH
CVE-2019-7482
<= 9.0.0.3
Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. Th
9.8
CRITICAL
CVE-2019-7481
< 9.0.0.4
Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity
7.5
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin