Shodan
Vulnerabilities
Vulnerable Software
Sonicwall:  >> Sma 200 Firmware  >> 10.2.1.11-65sv  Security Vulnerabilities
CVE-2025-32819
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
CVSS Score
8.8
EPSS Score
0.004
Published
2025-05-07
CVE-2025-32820
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.
CVSS Score
8.8
EPSS Score
0.006
Published
2025-05-07
CVE-2025-32821
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-05-07
CVE-2024-53703
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
CVSS Score
8.1
EPSS Score
0.004
Published
2024-12-05
CVE-2024-45318
A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
CVSS Score
8.1
EPSS Score
0.006
Published
2024-12-05
CVE-2024-45319
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-12-05
CVE-2024-53702
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-12-05
CVE-2024-38475
Known exploited
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
CVSS Score
9.1
EPSS Score
0.938
Published
2024-07-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved