Sonicwall Sma1000
11 CVEs affecting Sonicwall Sma1000. Latest disclosed: 2026-04-09. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-4116 | High | 7.2 | 2026-04-09 | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP… |
CVE-2026-4113 | High | 7.2 | 2026-04-09 | An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. |
CVE-2026-4112 | High | 7.2 | 2026-04-09 | Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attac… |
CVE-2026-4114 | Medium | 6.6 | 2026-04-09 | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. |
CVE-2025-40602 | | 2025-12-18 | A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | |
CVE-2025-40595 | | 2025-05-14 | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthe… | |
CVE-2025-2170 | | 2025-04-30 | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potent… | |
CVE-2025-23006 | | 2025-01-23 | Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management… | |
CVE-2024-45317 | | 2024-10-11 | A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to… | |
CVE-2020-5132 | | 2020-09-30 | SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. Whe… | |
CVE-2020-5129 | | 2020-03-26 | A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Ser… |