Sonicwall: >> Tz370w Security Vulnerabilities
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-10-17
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-10-17
SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-10-17
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-10-17
SonicOS p
ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-10-17
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
CVSS Score
7.5
EPSS Score
0.143
Published
2023-04-15
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
CVSS Score
7.5
EPSS Score
0.385
Published
2023-03-02
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-03-02
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-04-27
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-04-27