
sonicwall sma 400 firmware

27 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-32821
< 10.2.1.15-81sv
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject
7.2 HIGH
CVE-2025-32820
< 10.2.1.15-81sv
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence
8.8 HIGH
CVE-2025-32819
< 10.2.1.15-81sv
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks a
8.8 HIGH
CVE-2024-53703
< 10.2.1.14-75sv
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apach
8.1 HIGH
CVE-2024-53702
< 10.2.1.14-75sv
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code gener
5.3 MEDIUM
CVE-2024-45319
< 10.2.1.14-75sv
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attac
6.3 MEDIUM
CVE-2024-45318
< 10.2.1.14-75sv
A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overfl
8.1 HIGH
CVE-2024-40763
< 10.2.1.14-75sv
Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated
7.5 HIGH
CVE-2024-38475
< 10.2.1.14-75sv
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem l
9.1 CRITICAL
CVE-2024-22395
< 10.2.1.11-65sv
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific condition
6.3 MEDIUM
CVE-2023-5970
<= 10.2.1.9-57sv
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical
8.8 HIGH
CVE-2023-44221
<= 10.2.1.9-57sv
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with
7.2 HIGH
CVE-2022-2915
<= 10.2.1.5-34sv
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denia
8.8 HIGH
CVE-2022-22273
<= 9.0.0.9-26sv
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Acce
9.8 CRITICAL
CVE-2021-20050
< 10.0.0.0
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible withou
7.5 HIGH
CVE-2021-20049
< 10.0.0.0
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumer
7.5 HIGH
CVE-2021-20045
all versions
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to
9.8 CRITICAL
CVE-2021-20044
all versions
A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute
8.8 HIGH
CVE-2021-20043
all versions
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to poten
8.8 HIGH
CVE-2021-20042
all versions
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall ru
9.8 CRITICAL
CVE-2021-20041
all versions
An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare
7.5 HIGH
CVE-2021-20040
all versions
A relative path traversal vulnerability in the SMA100 upload function allows a remote unauthenticated attacker to upload crafted we
7.5 HIGH
CVE-2021-20039
all versions
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remot
8.8 HIGH
CVE-2021-20038
all versions
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote u
9.8 CRITICAL
CVE-2021-20035
< 9.0.0.11-31sv
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject ar
6.5 MEDIUM
CVE-2021-20034
<= 9.0.0.10-28sv
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks an
9.1 CRITICAL
CVE-2021-20016
all versions
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query
9.8 CRITICAL