What is CVE-2023-0126?

CVE-2023-0126 is a vulnerability in Sonicwall Sma1000, classified under Path Traversal. Published 2023-01-19.

Is CVE-2023-0126 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Sonicwall Sma1000

CVE-2023-0126

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.930 (99.8th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma1000 — versions 12.4.2

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

1cYinfinity/One-liner-command
Gerxnox/One-Liner-Collections
Karthik-HR0/Many-Liner
MuhammadWaseem29/Oneliner-Automations-
shahinulm2011/Oneliner-Automations-
thecybertix/One-Liner-Collections

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0001

Frequently asked questions

What is CVE-2023-0126?: CVE-2023-0126 is a vulnerability in Sonicwall Sma1000, classified under Path Traversal. Published 2023-01-19.
Is CVE-2023-0126 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.