Vulnerabilities in SonicWall
187 results

| CVE | Severity | Description | EPSS | KEV |
| --- | --- | --- | --- | --- |
| CVE-2021-20038 | CRITICAL | A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthentic | 99.9% | KEV |
| CVE-2019-7481 | HIGH | Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted | 99.9% | KEV |
| CVE-2024-53704 | HIGH | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | 95.1% | KEV |
| CVE-2023-34127 | HIGH | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analyti | 86.7% | |
| CVE-2021-20021 | CRITICAL | A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted | 83.4% | KEV |
| CVE-2021-20034 | — | An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete a | 80.7% | |
| CVE-2021-20039 | HIGH | Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenti | 78.1% | |
| CVE-2023-34133 | HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an | 77.0% | |
| CVE-2023-44221 | HIGH | Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administr | 74.9% | KEV |
| CVE-2023-0126 | HIGH | Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbit | 72.7% | |
| CVE-2022-22274 | — | A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Serv | 57.3% | |
| CVE-2025-40596 | HIGH | A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Se | 56.1% | |
| CVE-2025-40598 | MEDIUM | A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker t | 53.2% | |
| CVE-2021-20023 | MEDIUM | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on th | 51.4% | KEV |
| CVE-2023-34129 | — | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authen | 42.9% | |
| CVE-2023-0656 | — | A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which | 41.3% | |
| CVE-2023-34124 | CRITICAL | The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue | 40.9% | |
| CVE-2021-20044 | — | A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system | 40.1% | |
| CVE-2021-20016 | CRITICAL | A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access | 40.0% | KEV |
| CVE-2021-20028 | CRITICAL | Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, s | 30.1% | KEV |