Sma 100

This hub aggregates every CVE we track for Sma 100, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Sma 100.

• CVE-2025-40598A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.6.1Jul 23, 2025
• CVE-2025-40597A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.7.5Jul 23, 2025
• CVE-2025-40596A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.7.3Jul 23, 2025
• CVE-2025-40599An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrar...9.1Jul 23, 2025
• CVE-2025-32821A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.7.2May 7, 2025
• CVE-2025-32820A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.8.8May 7, 2025
• CVE-2024-53702Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, poten...5.3Dec 5, 2024
• CVE-2024-45318A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.8.1Dec 5, 2024
• CVE-2024-40763Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead...7.5Dec 5, 2024
• CVE-2023-44221Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody...KEV7.2Dec 5, 2023
• CVE-2022-2915A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code exe...8.8Aug 26, 2022
• BDU:2022-05294Уязвимость микропрограммного обеспечения межсетевых экранов SonicWall серии SMA 100, связанная с раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации5.3Aug 26, 2022
• CVE-2021-20038A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' u...KEV9.8Dec 8, 2021
• CVE-2021-20035Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.KEV6.5Sep 27, 2021
• CVE-2021-20016A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information....KEV9.8Feb 3, 2021