Vulnerabilities > Sonicwall
|2022-06-08||CVE-2022-1703|| OS Command Injection vulnerability in Sonicwall products |
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS commands, potentially leading to remote command execution or a denial-of-service (DoS) attack.
| 9.0 |
|2022-05-13||CVE-2022-1701|| Use of Hard-coded Credentials vulnerability in Sonicwall products |
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions use a shared and hard-coded encryption key to store data.
| 5.0 |
|2022-05-13||CVE-2022-1702|| Open Redirect vulnerability in Sonicwall products |
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept user-controlled input that specifies a link to an external site and use that link in a redirect, which leads to an open redirection vulnerability.
| 5.8 |
|2022-05-13||CVE-2022-22281|| Classic Buffer Overflow vulnerability in Sonicwall Netextender |
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32-bit and 64-bit), versions 10.2.322 and earlier, allows an attacker to potentially execute arbitrary code in the host Windows operating system.
| 7.2 |
|2022-05-13||CVE-2022-22282|| Missing Authorization vulnerability in Sonicwall products |
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restrict access to a resource using HTTP connections from an unauthorized actor, leading to an improper access control vulnerability.
| 7.5 |
|2022-05-04||CVE-2021-20051|| Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client 4.10.4.0314/4.10.6 |
SonicWall Global VPN Client 126.96.36.1997 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components.
| 6.9 |
|2022-04-27||CVE-2022-22275|| Unspecified vulnerability in Sonicwall Sonicos 188.8.131.52/184.108.40.206 |
Improper restriction of the TCP communication channel allows HTTP/S inbound traffic from WAN to DMZ to bypass security policy until the TCP handshake, potentially resulting in a denial-of-service (DoS) attack if a target host is vulnerable.
| 5.0 |
|2022-04-27||CVE-2022-22276|| Information Exposure vulnerability in Sonicwall products |
A vulnerability in the SonicOS SNMP service results in exposure of sensitive information to an unauthorized user.
| 5.0 |
|2022-04-27||CVE-2022-22277|| Information Exposure vulnerability in Sonicwall products |
A vulnerability in the SonicOS SNMP service results in exposure of sensitive Wireless Access Point information in cleartext.
| 5.0 |
|2022-04-27||CVE-2022-22278|| Allocation of Resources Without Limits or Throttling vulnerability in Sonicwall products |
A vulnerability in SonicOS CFS (Content Filtering Service) causes it to return a large 403 Forbidden HTTP response message to the source address when users try to access a prohibited resource. This allows an attacker to cause an HTTP denial-of-service (DoS) attack.
| 5.0 |