Vulnerabilities > Sonicwall > SMA 100 Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-23 | CVE-2021-20049 | Information Exposure Through Discrepancy vulnerability in Sonicwall products A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. | 7.5 |
| 2021-12-23 | CVE-2021-20050 | Unspecified vulnerability in Sonicwall products An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. | 7.5 |
| 2021-01-09 | CVE-2020-5146 | OS Command Injection vulnerability in Sonicwall SMA 100 Firmware A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. | 7.2 |
| 2019-12-19 | CVE-2019-7486 | Code Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3/9.0.0.4 Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. | 8.8 |
| 2019-12-19 | CVE-2019-7485 | Classic Buffer Overflow vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3 Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. | 8.8 |
| 2019-12-19 | CVE-2019-7483 | Path Traversal vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3 In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. | 7.5 |
| 2019-12-17 | CVE-2019-7481 | SQL Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3 Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. | 7.5 |