📦

sma_400

Vendor: sonicwall

Actively Exploited 5 CISA KEV List

PoC / Exploits 4 Code Available

Total RCEs 8 Remote Access

Total CVEs 28 Total Indexed

Avg. EPSS 19.14% Exploit Prob.

Latest CVE CVE-2025-32821 May 07

Security Vulnerability Index

Page 1 / 3

7.2 CVSS

CVE-2025-32821

RCE

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.

EPSS: 0.56%

Severity: HIGH

May 07, 2025

8.8 CVSS

CVE-2025-32820

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.

EPSS: 1.00%

Severity: HIGH

May 07, 2025

8.8 CVSS

CVE-2025-32819

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

EPSS: 0.86%

Severity: HIGH

May 07, 2025

8.1 CVSS

CVE-2024-53703

Exploit Found

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

EPSS: 29.15%

Severity: HIGH

Dec 05, 2024

5.3 CVSS

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

EPSS: 0.37%

Severity: MEDIUM

Dec 05, 2024

6.3 CVSS

CVE-2024-45319

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.

EPSS: 0.74%

Severity: MEDIUM

Dec 05, 2024

8.1 CVSS

CVE-2024-45318

A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

EPSS: 3.04%

Severity: HIGH

Dec 05, 2024

7.5 CVSS

CVE-2024-40763

Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

EPSS: 10.78%

Severity: HIGH

Dec 05, 2024

Critical Target

9.1 CVSS

CVE-2024-38475

Exploit Found

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.

EPSS: 93.86%

Severity: CRITICAL

Jul 01, 2024

6.3 CVSS

CVE-2024-22395

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.

EPSS: 0.49%

Severity: MEDIUM

Feb 24, 2024

Displaying 10 of 28 Total Entries

1 2 3

Total 3 Sections