Search criteria
23 vulnerabilities found for sma500v by sonicwall
VAR-202102-0898
Vulnerability from variot - Updated: 2025-11-18 15:33A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. SonicWall SSLVPN SMA100 The product has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Sonicwall SMA100 is a security access gateway device of American Sonicwall Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0898",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 100",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.5-d-29sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma100",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"cve": "CVE-2021-20016",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20016",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-377635",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20016",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20016",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20016",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-20016",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-20016",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-394",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-377635",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-20016",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. SonicWall SSLVPN SMA100 The product has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Sonicwall SMA100 is a security access gateway device of American Sonicwall Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20016"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "VULMON",
"id": "CVE-2021-20016"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20016",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-377635",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-20016",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"id": "VAR-202102-0898",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377635"
}
],
"trust": 0.95
},
"last_update_date": "2025-11-18T15:33:58.496000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0001",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
},
{
"title": "Sonicwall SMA100 SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141126"
},
{
"title": "Fireeye Threat Research",
"trust": 0.1,
"url": "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html"
},
{
"title": "Fireeye Threat Research",
"trust": 0.1,
"url": "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
},
{
"problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0001"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20016"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-20016"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-04T00:00:00",
"db": "VULHUB",
"id": "VHN-377635"
},
{
"date": "2021-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"date": "2021-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"date": "2021-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"date": "2021-02-04T06:15:13.817000",
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-377635"
},
{
"date": "2021-02-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"date": "2021-10-19T07:03:00",
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"date": "2025-10-31T15:56:14.870000",
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWall\u00a0SSLVPN\u00a0SMA100\u00a0 In the product \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
}
],
"trust": 0.6
}
}
VAR-202112-0361
Vulnerability from variot - Updated: 2025-11-18 15:22A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"cve": "CVE-2021-20038",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20038",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20038",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20038",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20038",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-20038",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-20038",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-557",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-20038",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server\u0027s mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a \u0027nobody\u0027 user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20038"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "VULMON",
"id": "CVE-2021-20038"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20038",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20038",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"id": "VAR-202112-0361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2025-11-18T15:22:54.436000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Sonicwall SMA100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174193"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExploitPwner/CVE-2021-20038-Mass-RCE-SonicWall "
},
{
"title": "nmap-scripts",
"trust": 0.1,
"url": "https://github.com/S3ntinelX/nmap-scripts "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/XmasSnowREAL/CVE-2021-20038-Mass-RCE "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExploitPwner/CVE-2021-20038-Mass-RCE "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/attackers-now-actively-targeting-critical-sonicwall-rce-bug/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/sonicwall-nac-vulnerability-apache-mods/177529/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/01/11/sonicwall_multiple_vulns/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/critical-sonicwall-vpn-bugs-appliance-takeover/176869/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.7,
"url": "https://github.com/jbaines-r7/badblood"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20038"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-20038"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/exploitpwner/cve-2021-20038-mass-rce-sonicwall"
},
{
"trust": 0.1,
"url": "https://github.com/s3ntinelx/nmap-scripts"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/sonicwall-nac-vulnerability-apache-mods/177529/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"date": "2021-12-08T10:15:07.750000",
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"date": "2022-12-06T09:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"date": "2025-10-31T17:13:16.787000",
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Appliance out-of-bounds write vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
}
],
"trust": 0.6
}
}
VAR-202312-2070
Vulnerability from variot - Updated: 2025-11-18 15:22Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-2070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 210",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 400",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 500v",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 410",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"cve": "CVE-2023-44221",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-44221",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-44221",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44221",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-44221",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-44221",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a \u0027nobody\u0027 user, potentially leading to OS Command Injection Vulnerability. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44221"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44221",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019954",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"id": "VAR-202312-2070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2025-11-18T15:22:50.322000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2023-0018"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2023-44221"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44221"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"date": "2023-12-05T21:15:07.150000",
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-15T05:59:00",
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"date": "2025-10-31T15:56:29.743000",
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
}
],
"trust": 0.8
}
}
VAR-202112-0389
Vulnerability from variot - Updated: 2025-09-07 23:08Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL The appliance has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0389",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"cve": "CVE-2021-20039",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-20039",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-20039",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20039",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20039",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-20039",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20039",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-556",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper neutralization of special elements in the SMA100 management interface \u0027/cgi-bin/viewcert\u0027 POST http method allows a remote authenticated attacker to inject arbitrary commands as a \u0027nobody\u0027 user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL The appliance has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20039"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20039",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "165563",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016108",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-556",
"trust": 0.6
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"id": "VAR-202112-0389",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2025-09-07T23:08:27.939000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Sonicwall SMA100 Repair measures for operating system command injection vulnerability in operating system",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173997"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/165563/sonicwall-sma-100-series-authenticated-command-injection.html"
},
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20039"
},
{
"trust": 1.0,
"url": "https://attackerkb.com/topics/9szjhq46lw/cve-2021-20039/rapid7-analysis"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"date": "2021-12-08T10:15:07.903000",
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"date": "2022-12-06T08:54:00",
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"date": "2025-09-05T18:15:35.313000",
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 in the appliance \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
}
],
"trust": 0.6
}
}
VAR-202507-3108
Vulnerability from variot - Updated: 2025-08-11 23:27A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-3108",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.2.1-90sv"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.2.1-90sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.2.1-90sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011059"
},
{
"db": "NVD",
"id": "CVE-2025-40596"
}
]
},
"cve": "CVE-2025-40596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2025-40596",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-011059",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-40596",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-011059",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011059"
},
{
"db": "NVD",
"id": "CVE-2025-40596"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-40596"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-011059"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-40596",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-011059",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011059"
},
{
"db": "NVD",
"id": "CVE-2025-40596"
}
]
},
"id": "VAR-202507-3108",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.875
},
"last_update_date": "2025-08-11T23:27:02.041000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011059"
},
{
"db": "NVD",
"id": "CVE-2025-40596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2025-0012"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-40596"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011059"
},
{
"db": "NVD",
"id": "CVE-2025-40596"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011059"
},
{
"db": "NVD",
"id": "CVE-2025-40596"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-011059"
},
{
"date": "2025-07-23T15:15:32.140000",
"db": "NVD",
"id": "CVE-2025-40596"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-08T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2025-011059"
},
{
"date": "2025-08-07T14:36:26.510000",
"db": "NVD",
"id": "CVE-2025-40596"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Stack-based buffer overflow vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011059"
}
],
"trust": 0.8
}
}
VAR-202507-3132
Vulnerability from variot - Updated: 2025-08-11 23:21A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 A heap-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-3132",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.2.1-90sv"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.2.1-90sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.2.1-90sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011058"
},
{
"db": "NVD",
"id": "CVE-2025-40597"
}
]
},
"cve": "CVE-2025-40597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2025-40597",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2025-011058",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-40597",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-011058",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011058"
},
{
"db": "NVD",
"id": "CVE-2025-40597"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 A heap-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-40597"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-011058"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-40597",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-011058",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011058"
},
{
"db": "NVD",
"id": "CVE-2025-40597"
}
]
},
"id": "VAR-202507-3132",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.875
},
"last_update_date": "2025-08-11T23:21:36.056000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011058"
},
{
"db": "NVD",
"id": "CVE-2025-40597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2025-0012"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-40597"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011058"
},
{
"db": "NVD",
"id": "CVE-2025-40597"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011058"
},
{
"db": "NVD",
"id": "CVE-2025-40597"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-011058"
},
{
"date": "2025-07-23T15:15:32.320000",
"db": "NVD",
"id": "CVE-2025-40597"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-08T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2025-011058"
},
{
"date": "2025-08-07T14:36:16.930000",
"db": "NVD",
"id": "CVE-2025-40597"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Heap-based buffer overflow vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011058"
}
],
"trust": 0.8
}
}
VAR-202507-3117
Vulnerability from variot - Updated: 2025-08-11 23:10A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-3117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.2.1-90sv"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.2.1-90sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.2.1-90sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010989"
},
{
"db": "NVD",
"id": "CVE-2025-40598"
}
]
},
"cve": "CVE-2025-40598",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2025-40598",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-010989",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-40598",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2025-010989",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010989"
},
{
"db": "NVD",
"id": "CVE-2025-40598"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-40598"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010989"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-40598",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010989",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010989"
},
{
"db": "NVD",
"id": "CVE-2025-40598"
}
]
},
"id": "VAR-202507-3117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.875
},
"last_update_date": "2025-08-11T23:10:59.783000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010989"
},
{
"db": "NVD",
"id": "CVE-2025-40598"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2025-0012"
},
{
"trust": 1.8,
"url": "https://labs.watchtowr.com/stack-overflows-heap-overflows-and-existential-dread-sonicwall-sma100-cve-2025-40596-cve-2025-40597-and-cve-2025-40598/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-40598"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010989"
},
{
"db": "NVD",
"id": "CVE-2025-40598"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010989"
},
{
"db": "NVD",
"id": "CVE-2025-40598"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-010989"
},
{
"date": "2025-07-23T15:15:32.490000",
"db": "NVD",
"id": "CVE-2025-40598"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-08T02:37:00",
"db": "JVNDB",
"id": "JVNDB-2025-010989"
},
{
"date": "2025-08-07T14:36:07.667000",
"db": "NVD",
"id": "CVE-2025-40598"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Cross-site scripting vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010989"
}
],
"trust": 0.8
}
}
VAR-202505-1415
Vulnerability from variot - Updated: 2025-06-15 23:40A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. SMA100 firmware, SMA200 firmware, SMA210 firmware etc. SonicWALL The product has a vulnerability related to externally accessible files or directories.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SonicWall SMA100 is a secure access gateway device from SonicWall, USA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-1415",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma100",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 200",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 400",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12365"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005297"
},
{
"db": "NVD",
"id": "CVE-2025-32819"
}
]
},
"cve": "CVE-2025-32819",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-12365",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-32819",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-32819",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-32819",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-32819",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2025-32819",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12365",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12365"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005297"
},
{
"db": "NVD",
"id": "CVE-2025-32819"
},
{
"db": "NVD",
"id": "CVE-2025-32819"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. SMA100 firmware, SMA200 firmware, SMA210 firmware etc. SonicWALL The product has a vulnerability related to externally accessible files or directories.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SonicWall SMA100 is a secure access gateway device from SonicWall, USA",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-32819"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005297"
},
{
"db": "CNVD",
"id": "CNVD-2025-12365"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-32819",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005297",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12365",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12365"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005297"
},
{
"db": "NVD",
"id": "CVE-2025-32819"
}
]
},
"id": "VAR-202505-1415",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12365"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12365"
}
]
},
"last_update_date": "2025-06-15T23:40:51.460000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for SonicWall SMA100 Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/697021"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12365"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-552",
"trust": 1.0
},
{
"problemtype": "Externally accessible file or directory (CWE-552) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005297"
},
{
"db": "NVD",
"id": "CVE-2025-32819"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2025-0011"
},
{
"trust": 1.8,
"url": "https://old.rapid7.com/blog/post/2025/05/07/multiple-vulnerabilities-in-sonicwall-sma-100-series-2025/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-32819"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12365"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005297"
},
{
"db": "NVD",
"id": "CVE-2025-32819"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12365"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005297"
},
{
"db": "NVD",
"id": "CVE-2025-32819"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12365"
},
{
"date": "2025-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-005297"
},
{
"date": "2025-05-07T18:15:42.560000",
"db": "NVD",
"id": "CVE-2025-32819"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12365"
},
{
"date": "2025-05-20T07:40:00",
"db": "JVNDB",
"id": "JVNDB-2025-005297"
},
{
"date": "2025-05-19T15:13:46.003000",
"db": "NVD",
"id": "CVE-2025-32819"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Vulnerabilities related to externally accessible files or directories in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005297"
}
],
"trust": 0.8
}
}
VAR-202505-1414
Vulnerability from variot - Updated: 2025-06-15 23:29A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable. SMA100 firmware, SMA200 firmware, SMA210 firmware etc. SonicWALL The product contains a path traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SonicWall SMA100 is a secure access gateway device from SonicWall, USA.
SonicWall SMA100 has a path traversal vulnerability. Attackers can exploit this vulnerability to make any directory writable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-1414",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma100",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 200",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 400",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12132"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005296"
},
{
"db": "NVD",
"id": "CVE-2025-32820"
}
]
},
"cve": "CVE-2025-32820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-12132",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-32820",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2025-32820",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-32820",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-32820",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-32820",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2025-32820",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12132",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12132"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005296"
},
{
"db": "NVD",
"id": "CVE-2025-32820"
},
{
"db": "NVD",
"id": "CVE-2025-32820"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable. SMA100 firmware, SMA200 firmware, SMA210 firmware etc. SonicWALL The product contains a path traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SonicWall SMA100 is a secure access gateway device from SonicWall, USA. \n\nSonicWall SMA100 has a path traversal vulnerability. Attackers can exploit this vulnerability to make any directory writable",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-32820"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005296"
},
{
"db": "CNVD",
"id": "CNVD-2025-12132"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-32820",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005296",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12132",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12132"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005296"
},
{
"db": "NVD",
"id": "CVE-2025-32820"
}
]
},
"id": "VAR-202505-1414",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12132"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12132"
}
]
},
"last_update_date": "2025-06-15T23:29:38.164000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for SonicWall SMA100 SSL-VPN Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/696026"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12132"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005296"
},
{
"db": "NVD",
"id": "CVE-2025-32820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2025-0011"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-32820"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12132"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005296"
},
{
"db": "NVD",
"id": "CVE-2025-32820"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12132"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005296"
},
{
"db": "NVD",
"id": "CVE-2025-32820"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12132"
},
{
"date": "2025-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-005296"
},
{
"date": "2025-05-07T18:15:42.737000",
"db": "NVD",
"id": "CVE-2025-32820"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12132"
},
{
"date": "2025-05-20T07:40:00",
"db": "JVNDB",
"id": "JVNDB-2025-005296"
},
{
"date": "2025-05-19T15:12:48.930000",
"db": "NVD",
"id": "CVE-2025-32820"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Past traversal vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005296"
}
],
"trust": 0.8
}
}
VAR-202505-1034
Vulnerability from variot - Updated: 2025-05-22 23:09A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance. SMA100 firmware, SMA200 firmware, SMA210 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SonicWall SMA100 is a secure access gateway device from SonicWall, USA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-1034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 200",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 400",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.15-81sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma100",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma100 10.2.1.14-75sv",
"scope": null,
"trust": 0.6,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10180"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005287"
},
{
"db": "NVD",
"id": "CVE-2025-32821"
}
]
},
"cve": "CVE-2025-32821",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-10180",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2025-32821",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2025-32821",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-32821",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-32821",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-32821",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2025-32821",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-10180",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10180"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005287"
},
{
"db": "NVD",
"id": "CVE-2025-32821"
},
{
"db": "NVD",
"id": "CVE-2025-32821"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance. SMA100 firmware, SMA200 firmware, SMA210 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SonicWall SMA100 is a secure access gateway device from SonicWall, USA",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-32821"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005287"
},
{
"db": "CNVD",
"id": "CNVD-2025-10180"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-32821",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005287",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-10180",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10180"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005287"
},
{
"db": "NVD",
"id": "CVE-2025-32821"
}
]
},
"id": "VAR-202505-1034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10180"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10180"
}
]
},
"last_update_date": "2025-05-22T23:09:26.261000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for SonicWall SMA100 SSL-VPN Remote Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/687856"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005287"
},
{
"db": "NVD",
"id": "CVE-2025-32821"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2025-0011"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-32821"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10180"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005287"
},
{
"db": "NVD",
"id": "CVE-2025-32821"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-10180"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005287"
},
{
"db": "NVD",
"id": "CVE-2025-32821"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10180"
},
{
"date": "2025-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-005287"
},
{
"date": "2025-05-07T18:15:42.853000",
"db": "NVD",
"id": "CVE-2025-32821"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10180"
},
{
"date": "2025-05-20T05:36:00",
"db": "JVNDB",
"id": "JVNDB-2025-005287"
},
{
"date": "2025-05-19T15:12:23.690000",
"db": "NVD",
"id": "CVE-2025-32821"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005287"
}
],
"trust": 0.8
}
}
VAR-202402-3290
Vulnerability from variot - Updated: 2024-12-11 23:08Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202402-3290",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.11-65sv"
},
{
"model": "sma 400",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.11-65sv"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.11-65sv"
},
{
"model": "sma 200",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.11-65sv"
},
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.11-65sv"
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014110"
},
{
"db": "NVD",
"id": "CVE-2024-22395"
}
]
},
"cve": "CVE-2024-22395",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "PSIRT@sonicwall.com",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-22395",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2024-22395",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "PSIRT@sonicwall.com",
"id": "CVE-2024-22395",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-22395",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-22395",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014110"
},
{
"db": "NVD",
"id": "CVE-2024-22395"
},
{
"db": "NVD",
"id": "CVE-2024-22395"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user\u0027s MFA mobile application. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-22395"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014110"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-22395",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014110",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014110"
},
{
"db": "NVD",
"id": "CVE-2024-22395"
}
]
},
"id": "VAR-202402-3290",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-12-11T23:08:45.137000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014110"
},
{
"db": "NVD",
"id": "CVE-2024-22395"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2024-0001"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-22395"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014110"
},
{
"db": "NVD",
"id": "CVE-2024-22395"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014110"
},
{
"db": "NVD",
"id": "CVE-2024-22395"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-014110"
},
{
"date": "2024-02-24T00:15:45.673000",
"db": "NVD",
"id": "CVE-2024-22395"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-06T07:50:00",
"db": "JVNDB",
"id": "JVNDB-2024-014110"
},
{
"date": "2024-12-05T17:04:30.223000",
"db": "NVD",
"id": "CVE-2024-22395"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014110"
}
],
"trust": 0.8
}
}
VAR-202203-0661
Vulnerability from variot - Updated: 2024-11-23 23:10Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sra 1200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sma 410",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.9-26sv"
},
{
"model": "sra 4200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sma 200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.9-26sv"
},
{
"model": "sma 400",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.9-26sv"
},
{
"model": "sra 4600",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sma 210",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.9-26sv"
},
{
"model": "sra 1600",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sma 500v",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.9-26sv"
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 1600",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 4200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 4600",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 1200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"cve": "CVE-2022-22273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22273",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-22273",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22273",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-22273",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1558",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-22273",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "VULMON",
"id": "CVE-2022-22273"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22273",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022032427",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-22273",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"id": "VAR-202203-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-11-23T23:10:56.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWall SSLVPN Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187035"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0001"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22273"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22273/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032427"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"date": "2023-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"date": "2022-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"date": "2022-03-17T02:15:06.567000",
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"date": "2023-07-12T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"date": "2024-11-21T06:46:32.127000",
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
}
],
"trust": 0.6
}
}
VAR-202204-1365
Vulnerability from variot - Updated: 2024-11-23 23:03A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. sra 1200 firmware, sra 4200 firmware, SMA210 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1365",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sra 1200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sra 4200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.10-28sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.10-28sv"
},
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.10-28sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 1200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 4200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"cve": "CVE-2022-22279",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2022-22279",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2022-22279",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-22279",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22279",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-22279",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3327",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-22279",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. sra 1200 firmware, sra 4200 firmware, SMA210 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "VULMON",
"id": "CVE-2022-22279"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22279",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022041325",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-22279",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"id": "VAR-202204-1365",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.875
},
"last_update_date": "2024-11-23T23:03:52.990000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Sonicwall SonicWall SSLVPN Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247257"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "CWE-23",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0006"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22279"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22279/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041325"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"date": "2023-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"date": "2022-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"date": "2022-04-13T06:15:07.177000",
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"date": "2023-07-26T08:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"date": "2023-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"date": "2024-11-21T06:46:33.013000",
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Product certification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
}
],
"trust": 0.6
}
}
VAR-202208-2082
Vulnerability from variot - Updated: 2024-08-14 15:37A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-2082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 400",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.5-34sv"
},
{
"model": "sma 200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.5-34sv"
},
{
"model": "sma 500v",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.5-34sv"
},
{
"model": "sma 410",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.5-34sv"
},
{
"model": "sma 210",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.5-34sv"
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"cve": "CVE-2022-2915",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-2915",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2915",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2915",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2915",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4247",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2915"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "VULMON",
"id": "CVE-2022-2915"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2915",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4247",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2915",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2915"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"id": "VAR-202208-2082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T15:37:27.532000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWALL SMA100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207790"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0019"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2915"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2915/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2915"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-2915"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2915"
},
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"date": "2022-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"date": "2022-08-26T21:15:08.867000",
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2915"
},
{
"date": "2023-09-29T08:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"date": "2022-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"date": "2022-09-01T19:27:14.893000",
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
}
],
"trust": 0.6
}
}
VAR-202112-1591
Vulnerability from variot - Updated: 2024-08-14 15:11A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. SonicWall SMA100 Exists in observable mismatch vulnerabilities.Information may be obtained. Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States.
The SonicWall SMA100 has a security flaw that could allow an attacker to enumerate usernames
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1591",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma100",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 100",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 100",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 200",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"cve": "CVE-2021-20049",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20049",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-06907",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20049",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20049",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20049",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20049",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-06907",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2137",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-20049",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. SonicWall SMA100 Exists in observable mismatch vulnerabilities.Information may be obtained. Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States. \n\r\n\r\nThe SonicWall SMA100 has a security flaw that could allow an attacker to enumerate usernames",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20049"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "VULMON",
"id": "CVE-2021-20049"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20049",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-06907",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122102",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20049",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"id": "VAR-202112-1591",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
}
]
},
"last_update_date": "2024-08-14T15:11:43.089000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0030",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"
},
{
"title": "Patch for SonicWall SMA100 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/316326"
},
{
"title": "SonicWall SMA100 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177009"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.0
},
{
"problemtype": "CWE-204",
"trust": 1.0
},
{
"problemtype": "Observable discrepancy (CWE-203) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20049"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0030"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122102"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"date": "2022-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"date": "2021-12-23T02:15:06.583000",
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"date": "2022-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"date": "2022-12-27T04:44:00",
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"date": "2022-07-08T18:20:05.127000",
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWall SMA100 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
}
],
"trust": 0.6
}
}
VAR-202110-1958
Vulnerability from variot - Updated: 2024-08-14 15:11An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. SMA100 The series has an unspecified vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1958",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 100",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 100",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 200",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma100",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"cve": "CVE-2021-20050",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20050",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20050",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20050",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20050",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20050",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2135",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. SMA100 The series has an unspecified vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20050",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021122102",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20050",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"id": "VAR-202110-1958",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.85
},
"last_update_date": "2024-08-14T15:11:43.064000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0031",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031"
},
{
"title": "Sonicwall SMA100 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=177008"
},
{
"title": "CVE-2021-22005_PoC",
"trust": 0.1,
"url": "https://github.com/RedTeamExp/CVE-2021-22005_PoC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0031"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20050"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122102"
},
{
"trust": 0.1,
"url": "https://github.com/redteamexp/cve-2021-22005_poc"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"date": "2021-12-23T02:15:06.637000",
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-27T04:40:00",
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"date": "2022-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"date": "2022-10-21T20:03:35.393000",
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SMA100\u00a0 Vulnerability in series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
}
],
"trust": 0.6
}
}
VAR-202312-0929
Vulnerability from variot - Updated: 2024-08-14 15:10Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-0929",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 400",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 500v",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 410",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 210",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"cve": "CVE-2023-5970",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-5970",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-5970",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-5970",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-5970",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5970"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-5970",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019948",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"id": "VAR-202312-0929",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T15:10:24.868000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2023-0018"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5970"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"date": "2023-12-05T21:15:07.667000",
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-15T05:57:00",
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"date": "2023-12-13T15:32:02.247000",
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Product certification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
}
],
"trust": 0.8
}
}
VAR-202112-0730
Vulnerability from variot - Updated: 2024-08-14 13:23An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an external controllable reference vulnerability to other space resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0730",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma200",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma100",
"scope": null,
"trust": 0.6,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"cve": "CVE-2021-20042",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20042",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-08929",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20042",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20042",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20042",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-20042",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-08929",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-553",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an external controllable reference vulnerability to other space resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20042"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNVD",
"id": "CNVD-2022-08929"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20042",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-08929",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"id": "VAR-202112-0730",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
}
]
},
"last_update_date": "2024-08-14T13:23:03.915000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Patch for Unknown Vulnerability in SonicWall SMA100",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/318166"
},
{
"title": "SonicWall SMA100 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=173994"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-441",
"trust": 1.0
},
{
"problemtype": "Externally controllable reference to another region resource (CWE-610) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20042"
},
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"date": "2021-12-08T10:15:08.053000",
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"date": "2022-12-06T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"date": "2023-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"date": "2023-06-26T19:15:03.807000",
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Vulnerability related to external controllable references to other space resources in appliances",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
}
],
"trust": 0.6
}
}
VAR-202112-0426
Vulnerability from variot - Updated: 2024-08-14 13:23A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0426",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"cve": "CVE-2021-20043",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-20043",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-20043",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20043",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20043",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20043",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-552",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20043"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20043",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016104",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"id": "VAR-202112-0426",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Sonicwall SMA100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174192"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20043"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"date": "2021-12-08T10:15:08.100000",
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T08:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"date": "2021-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"date": "2021-12-10T18:19:14.460000",
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Appliance out-of-bounds write vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
}
],
"trust": 0.6
}
}
VAR-202112-0731
Vulnerability from variot - Updated: 2024-08-14 13:23An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an infinite loop vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0731",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"cve": "CVE-2021-20041",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20041",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20041",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-20041",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20041",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20041",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-554",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated and remote adversary can consume all of the device\u0027s CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an infinite loop vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20041"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20041",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016106",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"id": "VAR-202112-0731",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.817000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "SonicWall SMA100 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174396"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-835",
"trust": 1.0
},
{
"problemtype": "infinite loop (CWE-835) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20041"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"date": "2021-12-08T10:15:08.003000",
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T08:41:00",
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"date": "2021-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"date": "2021-12-10T21:59:54.930000",
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Infinite loop vulnerability in appliances",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
}
],
"trust": 0.6
}
}
VAR-202112-0424
Vulnerability from variot - Updated: 2024-08-14 13:23A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"cve": "CVE-2021-20045",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20045",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20045",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20045",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20045",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-20045",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-550",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the \u0027nobody\u0027 user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20045",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016101",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"id": "VAR-202112-0424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.795000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "SonicWall SMA100 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173991"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20045"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"date": "2021-12-08T10:15:08.200000",
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T07:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"date": "2021-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"date": "2021-12-10T18:04:37.307000",
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Appliance Classic Buffer Overflow Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
}
],
"trust": 0.6
}
}
VAR-202112-0425
Vulnerability from variot - Updated: 2024-08-14 13:23A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0425",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"cve": "CVE-2021-20044",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-20044",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-20044",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20044",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20044",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20044",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-551",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20044",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016103",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"id": "VAR-202112-0425",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.770000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Sonicwall SMA100 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173992"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20044"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"date": "2021-12-08T10:15:08.150000",
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"date": "2021-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"date": "2021-12-10T18:12:57.647000",
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 in the appliance \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
}
],
"trust": 0.6
}
}
VAR-202112-0732
Vulnerability from variot - Updated: 2024-08-14 13:23A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliance contains a path traversal vulnerability.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0732",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"cve": "CVE-2021-20040",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20040",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20040",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-20040",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20040",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20040",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-555",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a \u0027nobody\u0027 user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliance contains a path traversal vulnerability.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20040"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20040",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016107",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"id": "VAR-202112-0732",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.737000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Sonicwall SMA100 Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173996"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-23",
"trust": 1.0
},
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20040"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"date": "2021-12-08T10:15:07.953000",
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"date": "2021-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"date": "2021-12-10T22:11:11.603000",
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Path Traversal Vulnerability in Appliances",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
}
],
"trust": 0.6
}
}