Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Sonicwall Subscribe
Filtered by product Sma 410

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20034 1 Sonicwall 9 Sma 200, Sma 200 Firmware, Sma 210 and 6 more 2022-07-08 6.4 MEDIUM 9.1 CRITICAL
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
CVE-2021-20038 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2022-05-13 7.5 HIGH 9.8 CRITICAL
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
CVE-2021-20042 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2021-12-10 7.5 HIGH 9.8 CRITICAL
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVE-2021-20045 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2021-12-10 7.5 HIGH 9.8 CRITICAL
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVE-2021-20028 1 Sonicwall 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more 2021-08-11 7.5 HIGH 9.8 CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier.
CVE-2021-20016 1 Sonicwall 11 Sma 100, Sma 100 Firmware, Sma 200 and 8 more 2021-02-08 7.5 HIGH 9.8 CRITICAL
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.