Security News > 2021 > February > Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices
"A few thousand devices are impacted," SonicWall said in a statement, adding, "SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability."
On January 22, The Hacker News exclusively revealed that SonicWall had been breached as a consequence of a coordinated attack on its internal systems by exploiting "Probable zero-day vulnerabilities" in its SMA 100 series remote access devices.
While SonicWall has not shared many details about the intrusion citing an ongoing investigation, the latest development points to evidence that a critical zero-day in the SMA 100 series 10.x code may have been exploited to carry out the attack.
"If the SMA 100 series is behind a firewall, block all access to the SMA 100 on the firewall," the company said.
SonicWall has formally released a patch to address a zero-day vulnerability in SMA 100 series 10.x code.
"All SonicWall customers with active SMA 100 series devices running 10.x code should immediately apply the patch on physical and virtual appliances," the company said in a statement.
News URL
Related news
- SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Critical zero-days impact premium WordPress real estate plugins (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025 (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)