Skip to main content

Sma 500V

3 CVEs product

Monthly

CVE-2021-20035 MEDIUM KEV THREAT This Month

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware Sma 410 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
3.9%
CVE-2021-20034 CRITICAL POC THREAT Act Now

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware +2
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
80.7%
CVE-2021-20016 CRITICAL KEV THREAT Act Now

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sonicwall Sma 100 Firmware Sma 200 Firmware Sma 210 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
40.0%
EPSS 4% CVSS 6.5
MEDIUM KEV THREAT This Month

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sma 200 Firmware Sma 210 Firmware +3
NVD
EPSS 81% CVSS 9.1
CRITICAL POC THREAT Act Now

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Sma 200 Firmware +4
NVD Exploit-DB
EPSS 40% CVSS 9.8
CRITICAL KEV THREAT Act Now

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sonicwall Sma 100 Firmware +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy