A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NSonicwall Sma100
HWSonicwallwszystkie wersjeSonicwall Sma 100 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0Sonicwall Sma200
HWSonicwallwszystkie wersjeSonicwall Sma 200 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0Sonicwall Sma210
HWSonicwallwszystkie wersjeSonicwall Sma 210 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0Sonicwall Sma400
HWSonicwallwszystkie wersjeSonicwall Sma 400 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0Sonicwall Sma410
HWSonicwallwszystkie wersjeSonicwall Sma 410 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0Sonicwall Sma500v
HWSonicwallwszystkie wersjeSonicwall Sma 500v Firmware
OSSonicwall10.2.0.8-37sv10.2.1.2-24sv< 10.0.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
Powiązane podatności
CVE-2024-38475CRITICAL9.1⚠ KEVPL ✓ten sam produkt
Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie
CVE-2021-20038CRITICAL9.8⚠ KEVten sam produkt
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variabl...
CVE-2021-20028CRITICAL9.8⚠ KEVten sam produkt
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure R...
CVE-2021-20016CRITICAL9.8⚠ KEVten sam produkt
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker ...
CVE-2025-40599CRITICAL9.1PL ✓ten sam produkt
SonicWall SMA 100 — nieautoryzowany upload pliku prowadzący do RCE