← back
CVE-2019-7481

CVE-2019-7481

CVSS 7.5 HIGHEPSS 99.9%● KEVCWE-89
In short

An unauthenticated attacker can read sensitive data they shouldn't have access to on SonicWall SMA100 devices running version 9.0.0.3 or earlier. This allows unauthorized information disclosure without needing valid credentials.

Technical detail

SQL injection vulnerability (CWE-89) in SonicWall SMA100 enables unauthenticated remote attackers to bypass authentication controls and execute arbitrary SQL queries, resulting in read-only access to unauthorized database resources. The vulnerability affects versions 9.0.0.3 and earlier, with no authentication required as a pre-condition.

Summary generated and translated by AI from the official description.
Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
SonicWall · SMA100

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0016https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7481