An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSonicwall Sma 200
HWSonicwallwszystkie wersjeSonicwall Sma 200 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.1-19sv9.0.0.11-31svSonicwall Sma 210
HWSonicwallwszystkie wersjeSonicwall Sma 210 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.1-19sv9.0.0.11-31svSonicwall Sma 400
HWSonicwallwszystkie wersjeSonicwall Sma 400 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.1-19sv9.0.0.11-31svSonicwall Sma 410
HWSonicwallwszystkie wersjeSonicwall Sma 410 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.1-19sv9.0.0.11-31svSonicwall Sma 500v
HWSonicwallwszystkie wersjeSonicwall Sma 500v Firmware
OSSonicwall10.2.0.8-37sv10.2.1.1-19sv9.0.0.11-31sv
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Firewall
Related vulnerabilities
CVE-2024-38475CRITICAL9.1⚠ KEVPL ✓ten sam produkt
Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie
CVE-2021-20038CRITICAL9.8⚠ KEVten sam produkt
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variabl...
CVE-2021-20028CRITICAL9.8⚠ KEVten sam produkt
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure R...
CVE-2021-20016CRITICAL9.8⚠ KEVten sam produkt
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker ...
CVE-2025-40599CRITICAL9.1PL ✓ten sam produkt
SonicWall SMA 100 — nieautoryzowany upload pliku prowadzący do RCE