EUVD-2026-20908
GHSA-98v3-fwpf-r4w2
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.
AnalysisAI
Two-factor authentication bypass in SonicWall SMA1000 SSL-VPN allows remote attackers with valid SSLVPN credentials to circumvent TOTP requirements via Unicode encoding manipulation. Affects SMA1000 versions 12.5.0-02283 and 12.4.3-03245 and earlier. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
24 hours: Inventory all SonicWall SMA1000 appliances and document current firmware versions; contact SonicWall support for patch availability timeline and interim security advisories. 7 days: Implement network segmentation to restrict VPN appliance administrative access to authorized networks only; enable detailed audit logging for all administrative authentication events on affected devices. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today