Vulnerabilities
Vulnerable Software
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2021-12-23
An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2021-12-08
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVSS Score: 9.8
EPSS Score: 0.009
Published: 2021-12-08
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST HTTP method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVSS Score: 8.8
EPSS Score: 0.825
Published: 2021-12-08

