CVE-2024-53702

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*

History

04 Nov 2025, 17:13

Type	Values Removed	Values Added
Summary		(es) Uso de una vulnerabilidad de generador de números pseudoaleatorios (PRNG) criptográficamente débil en el generador de código de respaldo SSLVPN SMA100 de SonicWall que, en ciertos casos, puede ser predicho por un atacante, exponiendo potencialmente el secreto generado.
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 -~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 - Vendor Advisory
First Time		Sonicwall sma 210 Firmware Sonicwall sma 400 Sonicwall sma 210 Sonicwall sma 200 Sonicwall sma 410 Firmware Sonicwall sma 500v Firmware Sonicwall sma 500v Sonicwall Sonicwall sma 410 Sonicwall sma 400 Firmware Sonicwall sma 200 Firmware
CPE		cpe:2.3:o:sonicwall:sma_210_firmware:::::::: cpe:2.3:h:sonicwall:sma_210:-:::::::* cpe:2.3:o:sonicwall:sma_500v_firmware:::::::: cpe:2.3:h:sonicwall:sma_410:-:::::::* cpe:2.3:o:sonicwall:sma_200_firmware:::::::: cpe:2.3:h:sonicwall:sma_200:-:::::::* cpe:2.3:h:sonicwall:sma_500v:-:::::::* cpe:2.3:o:sonicwall:sma_410_firmware:::::::: cpe:2.3:o:sonicwall:sma_400_firmware:::::::: cpe:2.3:h:sonicwall:sma_400:-:::::::*

05 Dec 2024, 16:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3

05 Dec 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-05 14:15

Updated : 2025-11-04 17:13

NVD link : CVE-2024-53702

Mitre link : CVE-2024-53702

CVE.ORG link : CVE-2024-53702

JSON object : View

Products Affected

sonicwall

sma_400
sma_200_firmware
sma_400_firmware
sma_500v_firmware
sma_210
sma_210_firmware
sma_200
sma_410
sma_410_firmware
sma_500v

CWE

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

5.3 /10