📦

tz670

Vendor: sonicwall

Actively Exploited 2 CISA KEV List

PoC / Exploits 5 Code Available

Total RCEs 13 Remote Access

Total CVEs 47 Total Indexed

Avg. EPSS 6.77% Exploit Prob.

Latest CVE CVE-2026-0206 Apr 29

Security Vulnerability Index

Page 2 / 5

Critical Target

9.8 CVSS

CVE-2024-53704

Exploit Found

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

EPSS: 93.86%

Severity: CRITICAL

Jan 09, 2025

9.8 CVSS

CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

EPSS: 3.44%

Severity: CRITICAL

Aug 23, 2024

7.5 CVSS

CVE-2024-40764

RCE

Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

EPSS: 10.16%

Severity: HIGH

Jul 18, 2024

6.5 CVSS

CVE-2024-29013

RCE

Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.

EPSS: 2.28%

Severity: MEDIUM

Jun 20, 2024

7.5 CVSS

CVE-2024-29012

RCE

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

EPSS: 2.25%

Severity: HIGH

Jun 20, 2024

9.8 CVSS

CVE-2024-22394

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.

EPSS: 0.96%

Severity: CRITICAL

Feb 08, 2024

8.8 CVSS

CVE-2023-41715

SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.

EPSS: 0.34%

Severity: HIGH

Oct 17, 2023

7.5 CVSS

CVE-2023-41713

SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.

EPSS: 0.29%

Severity: HIGH

Oct 17, 2023

6.5 CVSS

CVE-2023-41712

RCE

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.

EPSS: 0.48%

Severity: MEDIUM

Oct 17, 2023

6.5 CVSS

CVE-2023-41711

RCE

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.

EPSS: 0.48%

Severity: MEDIUM

Oct 17, 2023

Displaying 10 of 47 Total Entries

1 2 3 4 5

Total 5 Sections