Sonicwall Sonicwall Sma100
11 CVEs affecting Sonicwall Sonicwall Sma100. Latest disclosed: 2021-12-23. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-20050 | | 2021-12-23 | An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially e… | |
CVE-2021-20049 | | 2021-12-23 | A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server res… | |
CVE-2021-20045 | | 2021-12-08 | A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as… | |
CVE-2021-20044 | | 2021-12-08 | A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the ap… | |
CVE-2021-20043 | | 2021-12-08 | A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the no… | |
CVE-2021-20042 | | 2021-12-08 | An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affec… | |
CVE-2021-20041 | | 2021-12-08 | An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles result… | |
CVE-2021-20040 | | 2021-12-08 | A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody… | |
CVE-2021-20039 | | 2021-12-08 | Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to i… | |
CVE-2021-20038 | | 2021-12-08 | A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to po… | |
CVE-2021-20016 | | 2021-02-03 | A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password… |