Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-4112 | 1 Sonicwall | 9 Sma6200, Sma6200 Firmware, Sma6210 and 6 more | 2026-05-14 | N/A | 7.2 HIGH |
| Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. | |||||
| CVE-2026-4113 | 1 Sonicwall | 9 Sma6200, Sma6200 Firmware, Sma6210 and 6 more | 2026-05-14 | N/A | 7.2 HIGH |
| An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. | |||||
| CVE-2026-4114 | 1 Sonicwall | 9 Sma6200, Sma6200 Firmware, Sma6210 and 6 more | 2026-05-14 | N/A | 6.6 MEDIUM |
| Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. | |||||
| CVE-2026-4116 | 1 Sonicwall | 9 Sma6200, Sma6200 Firmware, Sma6210 and 6 more | 2026-05-14 | N/A | 7.2 HIGH |
| Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. | |||||
| CVE-2025-40602 | 1 Sonicwall | 9 Sma6200, Sma6200 Firmware, Sma6210 and 6 more | 2025-12-19 | N/A | 6.6 MEDIUM |
| A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | |||||
| CVE-2025-23006 | 1 Sonicwall | 15 Sma6200, Sma6200 Firmware, Sma6210 and 12 more | 2025-10-31 | N/A | 9.8 CRITICAL |
| Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. | |||||