Sonicwall Sma 210 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Sonicwall Sma 210 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2021-20042 — CVSS 9.8 (critical): An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This…
CVE-2021-20045 — CVSS 9.8 (critical): A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to…
CVE-2022-22273 — CVSS 9.8 (critical): Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA)…
CVE-2025-40599 — CVSS 9.1 (critical): An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with…
CVE-2021-20034 — CVSS 9.1 (critical): An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete…
CVE-2022-2915 — CVSS 8.8 (high): A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of…
CVE-2021-20039 — CVSS 8.8 (high): Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote…
CVE-2021-20043 — CVSS 8.8 (high): A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially…
CVE-2021-20044 — CVSS 8.8 (high): A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS…
CVE-2022-1703 — CVSS 8.8 (high): Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated…
CVE-2023-5970 — CVSS 8.8 (high): Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external…
CVE-2025-32819 — CVSS 8.8 (high): A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete…
CVE-2025-32820 — CVSS 8.8 (high): A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make…
CVE-2024-45318 — CVSS 8.1 (high): A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and…
CVE-2024-53703 — CVSS 8.1 (high): A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web…
CVE-2021-20041 — CVSS 7.5 (high): An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100…
CVE-2021-20040 — CVSS 7.5 (high): A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages…
CVE-2024-40763 — CVSS 7.5 (high): Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated…
CVE-2021-20050 — CVSS 7.5 (high): An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user…
CVE-2025-40597 — CVSS 7.5 (high): A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of…
CVE-2021-20049 — CVSS 7.5 (high): A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration…
CVE-2025-40596 — CVSS 7.3 (high): A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of…
CVE-2025-32821 — CVSS 7.2 (high): A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell…
CVE-2024-45319 — CVSS 6.3 (medium): A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can…
CVE-2024-22395 — CVSS 6.3 (medium): Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could…
CVE-2025-40598 — CVSS 6.1 (medium): A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker…
CVE-2024-53702 — CVSS 5.3 (medium): Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator…
CVE-2025-40603 — CVSS 4.5 (medium): A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated…