Sma 400
This hub aggregates every CVE we track for Sma 400, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
9
CVEs tracked
3
Critical
4
High
4
In CISA KEV
Severity distribution
HIGH4CRITICAL3MEDIUM2
Monthly trend
0
0
0
0
0
3
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 9 most recently published vulnerabilities affecting Sma 400.
- CVE-2025-32819A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to fa...8.8
- CVE-2024-53702Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, poten...5.3
- CVE-2024-45318A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.8.1
- CVE-2024-40763Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead...7.5
- CVE-2023-44221Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody...KEV7.2
- CVE-2021-20038A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' u...KEV9.8
- CVE-2021-20035Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.KEV6.5
- CVE-2021-20034An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to fac...9.1
- CVE-2021-20016A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information....KEV9.8
Product normalization is registry-driven with AI assist and human review. How it works