Vulnerabilities > Sonicwall > SMA 100 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-23 | CVE-2021-20049 | Information Exposure Through Discrepancy vulnerability in Sonicwall products A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. | 5.0 |
| 2021-12-23 | CVE-2021-20050 | Unspecified vulnerability in Sonicwall products An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. | 7.5 |
| 2021-02-04 | CVE-2021-20016 | SQL Injection vulnerability in Sonicwall products A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. | 7.5 |
| 2021-01-09 | CVE-2020-5146 | OS Command Injection vulnerability in Sonicwall SMA 100 Firmware 10.2.0.220Sv/9.0.0.4 A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. | 9.0 |
| 2019-12-19 | CVE-2019-7486 | Code Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.4 Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. | 6.5 |
| 2019-12-19 | CVE-2019-7485 | Classic Buffer Overflow vulnerability in Sonicwall SMA 100 Firmware Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. | 6.5 |
| 2019-12-19 | CVE-2019-7484 | SQL Injection vulnerability in Sonicwall SMA 100 Firmware Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. | 4.0 |
| 2019-12-19 | CVE-2019-7483 | Path Traversal vulnerability in Sonicwall SMA 100 Firmware In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. | 5.0 |
| 2019-12-19 | CVE-2019-7482 | Out-of-bounds Write vulnerability in Sonicwall SMA 100 Firmware Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. | 7.5 |
| 2019-12-17 | CVE-2019-7481 | SQL Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3 Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. | 5.0 |