cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-53703,https://securityvulnerability.io/vulnerability/CVE-2024-53703,SonicWall SMA100 SSLVPN Firmware Vulnerability Could Lead to Code Execution,A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.,Sonicwall,Sma100,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T13:59:35.490Z,0
CVE-2024-53702,https://securityvulnerability.io/vulnerability/CVE-2024-53702,Predictable Pseudo-Random Number Generator Vulnerability in SonicWall SMA100 SSLVPN,"Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.",Sonicwall,Sma100,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T13:53:37.282Z,0
CVE-2024-45319,https://securityvulnerability.io/vulnerability/CVE-2024-45319,Certificate Requirement Circumvention Vulnerability in SonicWall SMA100 SSLVPN Firmware,"A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker to circumvent the certificate requirement during authentication.",Sonicwall,Sma100,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T13:50:28.768Z,0
CVE-2024-45318,https://securityvulnerability.io/vulnerability/CVE-2024-45318,Buffer Overflow Vulnerability in SonicWall SMA100 SSLVPN Could Lead to Code Execution,A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.,Sonicwall,Sma100,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T13:43:31.716Z,0
CVE-2024-40763,https://securityvulnerability.io/vulnerability/CVE-2024-40763,Heap-based Buffer Overflow Vulnerability in SonicWall SMA100 SSLVPN,Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.,Sonicwall,Sma100,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T13:39:19.644Z,0
CVE-2023-44221,https://securityvulnerability.io/vulnerability/CVE-2023-44221,OS Command Injection Vulnerability in SMA100 SSL-VPN by SonicWall,"An OS command injection vulnerability exists in the management interface of SonicWall's SMA100 SSL-VPN. This issue arises due to improper handling of special elements, allowing authenticated attackers with administrative privileges to execute arbitrary commands as the 'nobody' user. This can potentially compromise the security of the underlying operating system, enabling access to sensitive information or further system misconfiguration.",Sonicwall,Sma100,7.2,HIGH,0.0014199999859556556,false,,false,false,false,,,false,false,,2023-12-05T21:15:00.000Z,0
CVE-2023-5970,https://securityvulnerability.io/vulnerability/CVE-2023-5970,Improper Authentication in SMA100 SSL-VPN by SonicWall,"The SMA100 SSL-VPN's virtual office portal is susceptible to an authentication flaw that allows a remote authenticated attacker to exploit this weakness. By using accented characters, the attacker can create an identical external domain user, leading to a potential bypass of multi-factor authentication (MFA). This vulnerability raises significant concerns regarding user identity protection and network security for affected users.",SonicWall,SMA100,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-12-05T21:15:00.000Z,0
CVE-2022-2915,https://securityvulnerability.io/vulnerability/CVE-2022-2915,Heap-based Buffer Overflow in SonicWall SMA100 Appliance,"A Heap-based Buffer Overflow vulnerability in SonicWall's SMA100 appliance allows remote authenticated attackers to exploit the system, potentially resulting in a Denial of Service (DoS) condition or even unauthorized code execution. This vulnerability is present in versions 10.2.1.5-34sv and previous releases, making it crucial for users to promptly apply updates and mitigations to safeguard their systems.",Sonicwall,Sma100,8.8,HIGH,0.003160000080242753,false,,false,false,false,,,false,false,,2022-08-26T20:30:15.000Z,0
CVE-2022-1703,https://securityvulnerability.io/vulnerability/CVE-2022-1703,Remote Command Execution and DoS Vulnerability in SonicWall SSL-VPN Management Interface,The SonicWall SSL-VPN SMA100 series is affected by a vulnerability allowing remote authenticated attackers to manipulate commands via the management interface. This improper neutralization of special elements can lead to execution of arbitrary OS commands and potentially allow attackers to disrupt services through denial of service (DoS) attacks. Organizations using the affected series must implement security patches and follow recommended practices to mitigate the risks associated with this vulnerability.,Sonicwall,Sma100,8.8,HIGH,0.0017000000225380063,false,,false,false,false,,,false,false,,2022-06-03T21:10:10.000Z,0
CVE-2021-20050,https://securityvulnerability.io/vulnerability/CVE-2021-20050,Improper Access Control Vulnerability in SonicWall SMA100 Series,"The SonicWall SMA100 series suffers from an improper access control vulnerability that allows unauthorized access to restricted management APIs. This exposure could potentially reveal sensitive configuration metadata to attackers without requiring user login, thereby posing a security risk to the integrity of the system's management capabilities.",Sonicwall,Sonicwall Sma100,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-12-23T01:20:11.000Z,0
CVE-2021-20049,https://securityvulnerability.io/vulnerability/CVE-2021-20049,SonicWall SMA100 Password Change API Vulnerability,"A vulnerability exists in the SonicWall SMA100 password change API, enabling remote unauthenticated attackers to enumerate usernames based on server responses. This issue affects specific versions, including 10.2.1.2-24sv, 10.2.0.8-37sv, and earlier 10.x releases, potentially compromising system security through this exploitable flaw.",Sonicwall,Sonicwall Sma100,7.5,HIGH,0.0027199999894946814,false,,false,false,false,,,false,false,,2021-12-23T01:20:09.000Z,0
CVE-2021-20045,https://securityvulnerability.io/vulnerability/CVE-2021-20045,Buffer Overflow in SonicWall SMA Appliances,"A buffer overflow vulnerability exists within the SMA100 sonicfiles RAC_COPY_TO method, which could allow an unauthenticated remote attacker to execute arbitrary code within the context of the 'nobody' user on the device. This security flaw impacts SMA 200, 210, 400, 410, and 500v appliances, potentially leading to unauthorized control of the affected systems.",Sonicwall,Sonicwall Sma100,9.8,CRITICAL,0.004989999812096357,false,,false,false,false,,,false,false,,2021-12-08T09:55:29.000Z,0
CVE-2021-20044,https://securityvulnerability.io/vulnerability/CVE-2021-20044,Remote Command Injection in SonicWall SMA100 Appliances,"An authenticated remote command injection vulnerability exists in SonicWall's SMA100 appliances, enabling an attacker with valid credentials to execute arbitrary OS commands. This flaw affects the SMA 200, 210, 400, 410, and 500v models, potentially compromising the security of the entire system. Ensure your devices are updated to mitigate the risk associated with this vulnerability.",Sonicwall,Sonicwall Sma100,8.8,HIGH,0.001560000004246831,false,,false,false,false,,,false,false,,2021-12-08T09:55:28.000Z,0
CVE-2021-20043,https://securityvulnerability.io/vulnerability/CVE-2021-20043,Heap-Based Buffer Overflow Vulnerability in SonicWall SMA Appliances,"A heap-based buffer overflow vulnerability exists in the SonicWall SMA100 appliance, specifically in the getBookmarks method. This flaw may allow a remote authenticated attacker to gain unauthorized access and execute arbitrary code with the privileges of the 'nobody' user. This vulnerability impacts multiple models in the SMA series, making it crucial for organizations using affected appliances to apply necessary security measures and updates.",Sonicwall,Sonicwall Sma100,8.8,HIGH,0.002050000010058284,false,,false,false,false,,,false,false,,2021-12-08T09:55:27.000Z,0
CVE-2021-20042,https://securityvulnerability.io/vulnerability/CVE-2021-20042,Unauthorized Proxy Bypass in SonicWall SMA Appliances,"An unauthenticated remote attacker can exploit a vulnerability in SonicWall SMA appliances to use the device as an unintended proxy. This issue enables the attacker to bypass firewall rules and potentially gain access to sensitive internal resources without detection, posing a significant security risk to networks reliant on these appliances.",Sonicwall,Sonicwall Sma100,9.8,CRITICAL,0.005640000104904175,false,,false,false,false,,,false,false,,2021-12-08T09:55:25.000Z,0
CVE-2021-20041,https://securityvulnerability.io/vulnerability/CVE-2021-20041,Remote Code Execution Vulnerability in SonicWall SMA Appliances,"An unauthenticated remote attacker can exploit this vulnerability in SonicWall SMA appliances by sending specially crafted HTTP requests. This results in a resource exhaustion issue, causing the affected devices to enter a state where the CPU usage significantly increases due to continuous looping processes with no feasible exit condition. The impacted appliances include models SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v, making it crucial for users to implement safeguards and monitor network traffic.",Sonicwall,Sonicwall Sma100,7.5,HIGH,0.0030400000978261232,false,,false,false,false,,,false,false,,2021-12-08T09:55:24.000Z,0
CVE-2021-20040,https://securityvulnerability.io/vulnerability/CVE-2021-20040,Relative Path Traversal Vulnerability in SonicWall SMA Appliances,"A security vulnerability exists in the SMA100 upload function that allows remote unauthenticated attackers to exploit relative path traversal. This flaw enables attackers to upload malicious web pages or files with the privileges of the 'nobody' user. It primarily impacts SonicWall SMA 200, 210, 400, 410, and 500v appliances, posing a significant risk to system integrity.",Sonicwall,Sonicwall Sma100,7.5,HIGH,0.002090000081807375,false,,false,false,false,,,false,false,,2021-12-08T09:55:23.000Z,0
CVE-2021-20039,https://securityvulnerability.io/vulnerability/CVE-2021-20039,Authenticated Command Injection in SonicWall SMA100 Management Interface,"An authenticated command injection vulnerability exists in the SMA100 management interface, specifically at the endpoint '/cgi-bin/viewcert' when handled via the POST HTTP method. This flaw can be exploited by a remote and authenticated attacker, enabling them to execute arbitrary commands on the system as a 'nobody' user. The issue impacts numerous models within the SMA100 series, including the SMA 200, 210, 400, 410, and 500v appliances, posing significant risks to the integrity and confidentiality of data managed by these devices.",Sonicwall,Sonicwall Sma100,8.8,HIGH,0.8412700295448303,false,,false,false,false,,,false,false,,2021-12-08T09:55:21.000Z,0
CVE-2021-20038,https://securityvulnerability.io/vulnerability/CVE-2021-20038,Stack-Based Buffer Overflow in SMA100 Apache httpd Server by SonicWall,"A stack-based buffer overflow vulnerability in the Apache httpd server's mod_cgi module on SonicWall's SMA100 appliances could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the 'nobody' user. This issue affects multiple SMA appliance models, specifically versions prior to firmware updates 10.2.0.8-37sv, 10.2.1.1-19sv, and 10.2.1.2-24sv. Users are advised to update their firmware to mitigate this risk and secure their systems against potential exploitation.",Sonicwall,Sonicwall Sma100,9.8,CRITICAL,0.9672200083732605,true,2022-01-28T00:00:00.000Z,false,true,true,2022-01-28T00:00:00.000Z,true,false,false,,2021-12-08T09:55:20.000Z,0
CVE-2021-20035,https://securityvulnerability.io/vulnerability/CVE-2021-20035,Command Injection Vulnerability in SMA100 Management Interface by SonicWall,"A vulnerability exists in the SMA100 management interface where improper neutralization of special elements allows remote authenticated attackers to execute arbitrary commands with the permissions of a 'nobody' user. This flaw could potentially lead to a denial of service, impacting the availability of the system.",Sonicwall,Sma100,6.5,MEDIUM,0.0012499999720603228,false,,false,false,false,,,false,false,,2021-09-27T17:20:12.000Z,0
CVE-2021-20034,https://securityvulnerability.io/vulnerability/CVE-2021-20034,Improper Access Control in SonicWall SMA100 Affects Security Features,"The SonicWall SMA100 product is subjected to an improper access control vulnerability that enables remote, unauthenticated attackers to bypass path traversal protections. This flaw allows attackers to delete arbitrary files within the system, which could lead to significant issues, such as a complete reboot to factory default settings. Users of the affected version should take immediate action to mitigate potential risks associated with this vulnerability.",Sonicwall,Sma100,9.1,CRITICAL,0.2985300123691559,false,,false,false,false,,,false,false,,2021-09-27T17:20:10.000Z,0
CVE-2021-20018,https://securityvulnerability.io/vulnerability/CVE-2021-20018,,A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.,Sonicwall,Sma100,4.9,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-03-13T02:10:15.000Z,0
CVE-2021-20017,https://securityvulnerability.io/vulnerability/CVE-2021-20017,,A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.,Sonicwall,Sma100,8.8,HIGH,0.0031399999279528856,false,,false,false,false,,,false,false,,2021-03-13T02:10:14.000Z,0
CVE-2021-20016,https://securityvulnerability.io/vulnerability/CVE-2021-20016,,A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.,Sonicwall,Sonicwall Sma100,9.8,CRITICAL,0.026809999719262123,true,2021-11-03T00:00:00.000Z,false,true,true,2021-11-03T00:00:00.000Z,,false,false,,2021-02-04T06:15:00.000Z,0
CVE-2020-5146,https://securityvulnerability.io/vulnerability/CVE-2020-5146,,A vulnerability in SonicWall SMA100 appliance allows an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.,Sonicwall,Sma100,7.2,HIGH,0.002839999971911311,false,,false,false,false,,,false,false,,2021-01-09T00:15:14.000Z,0