📦

tz370

Vendor: sonicwall

Login to add this product to WatchStack
Actively Exploited 2 CISA KEV List
PoC / Exploits 5 Code Available
Total RCEs 13 Remote Access
Total CVEs 47 Total Indexed
Avg. EPSS 6.77% Exploit Prob.
Latest CVE CVE-2026-0206 Apr 29

Security Vulnerability Index

Page 3 / 5
6.5 CVSS
CVE-2023-39280
RCE

SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.

EPSS: 0.48%
6.5 CVSS
CVE-2023-39279
RCE

SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.

EPSS: 0.48%
6.5 CVSS
CVE-2023-39278
RCE

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.

EPSS: 0.48%
6.5 CVSS
CVE-2023-39277
RCE

SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.

EPSS: 0.48%
6.5 CVSS
CVE-2023-39276
RCE

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.

EPSS: 0.63%
7.5 CVSS
CVE-2022-47522
Exploit Found

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.

EPSS: 12.59%
8.8 CVSS
CVE-2023-1101

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

EPSS: 0.35%
7.5 CVSS
CVE-2023-0656
RCE Exploit Found

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

EPSS: 31.49%
7.5 CVSS
CVE-2022-22278

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack

EPSS: 0.27%
5.3 CVSS
CVE-2022-22277

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.

EPSS: 0.16%