SonicWall Firewall and Security firm
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any SonicWall product.
RSS Feeds for SonicWall security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in SonicWall products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by SonicWall Sorted by Most Security Vulnerabilities since 2018
Known Exploited SonicWall Vulnerabilities
The following SonicWall vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| SonicWall SMA100 Appliances OS Command Injection Vulnerability |
SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user. CVE-2023-44221 Exploit Probability: 15.7% |
May 1, 2025 |
| SonicWall SMA100 Appliances OS Command Injection Vulnerability |
SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution. CVE-2021-20035 Exploit Probability: 5.6% |
April 16, 2025 |
| SonicWall SonicOS SSLVPN Improper Authentication Vulnerability |
SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication. CVE-2024-53704 Exploit Probability: 93.8% |
February 18, 2025 |
| SonicWall SMA1000 Appliances Deserialization Vulnerability |
SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands. CVE-2025-23006 Exploit Probability: 54.2% |
January 24, 2025 |
| SonicWall SonicOS Improper Access Control Vulnerability |
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. CVE-2024-40766 Exploit Probability: 5.5% |
September 9, 2024 |
| SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability |
SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. CVE-2021-20028 Exploit Probability: 85.7% |
March 28, 2022 |
| SonicWall SMA100 Directory Traversal Vulnerability |
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. CVE-2019-7483 Exploit Probability: 28.0% |
March 28, 2022 |
| SonicWall SonicOS Buffer Overflow Vulnerability |
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. CVE-2020-5135 Exploit Probability: 22.6% |
March 15, 2022 |
| SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability |
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. CVE-2021-20038 Exploit Probability: 94.3% |
January 28, 2022 |
| SonicWall Email Security Privilege Escalation Exploit Chain |
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. CVE-2021-20021 Exploit Probability: 90.5% |
November 3, 2021 |
| SonicWall SMA100 9.0.0.3 and Earlier SQL Injection |
Vulnerability in SonicWall SMA100 versions 9.0.0.3 and earlier allow an unauthenticated user to gain read-only access to unauthorized resources. CVE-2019-7481 Exploit Probability: 94.4% |
November 3, 2021 |
| SonicWall Email Security Privilege Escalation Exploit Chain |
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. CVE-2021-20022 Exploit Probability: 38.9% |
November 3, 2021 |
| SonicWall Email Security Privilege Escalation Exploit Chain |
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. CVE-2021-20023 Exploit Probability: 59.7% |
November 3, 2021 |
| SonicWall SSL VPN SMA100 SQL Injection Vulnerability |
Allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information in SMA100 build version 10.x. CVE-2021-20016 Exploit Probability: 79.8% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 6 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited SonicWall vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2025 there have been 13 vulnerabilities in SonicWall with an average score of 7.5 out of ten. Last year, in 2024 SonicWall had 10 security vulnerabilities published. That is, 3 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 0.49
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 13 | 7.50 |
| 2024 | 10 | 7.99 |
| 2023 | 30 | 7.66 |
| 2022 | 5 | 8.08 |
| 2021 | 21 | 8.08 |
| 2020 | 15 | 7.01 |
| 2019 | 21 | 8.25 |
| 2018 | 3 | 6.90 |
It may take a day or so for new SonicWall vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SonicWall Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-40603 | Oct 31, 2025 |
SonicWall SMA100 Remote Auth Admin Log Info Leak (CVE-2025-40603)A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data. |
Sma100
|
| CVE-2025-40600 | Jul 29, 2025 |
SonicOS SSL VPN Format String Causing DoSUse of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. |
Sonicos
|
| CVE-2025-2170 | Apr 30, 2025 |
SSRF in SMA1000 WorkPlace Interface Allows Remote UnAuth RequestsA Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. |
Sma1000 Firmware
|
| CVE-2025-32818 | Apr 23, 2025 |
SonicOS SSLVPN Virtual Office NPE in SSLVPN Interface allows Remote DoSA Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition. |
Sonicos
|
| CVE-2025-23009 | Apr 10, 2025 |
CVE-2025-23009: LPE in SonicWall NetExtender (32/64-bit) -> File DeleteA local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. |
Netextender
|
| CVE-2025-23010 | Apr 10, 2025 |
Link Following in SonicWall NetExtender Windows ClientAn Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. |
Netextender
|
| CVE-2025-23006 | Jan 23, 2025 |
Remote OS Command Exec via Pre-auth Deserialization in SMA1000 AMC/CMCPre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. |
Sma8200v
|
| CVE-2024-12803 | Jan 09, 2025 |
SonicOS CLI Buffer Overflow Enables Remote CrashA post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. |
Sonicos
|
| CVE-2024-12805 | Jan 09, 2025 |
SonicOS Post-Auth Format String Vulnerability Enables Crash & RCEA post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. |
Sonicos
|
| CVE-2024-12806 | Jan 09, 2025 |
SonicOS Admin Absolute Path Traversal Enables Post-Auth File ReadA post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. |
Sonicos
|
| CVE-2024-40765 | Jan 09, 2025 |
Integer Overflow in SonicOS IPSec (IKEv2) Remote DoS/ExecAn Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. |
Sonicos
|
| CVE-2024-53704 | Jan 09, 2025 |
Improper Auth in SSLVPN auth bypass vulnerabilityAn Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. |
Sonicos
|
| CVE-2024-53705 | Jan 09, 2025 |
SSRF in SonicOS SSH Mgmt Enables Remote TCP ConnectionsA Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. |
Sonicos
|
| CVE-2024-40766 | Aug 23, 2024 |
SonicWall SonicOS 7.0.1-5035 MM Access Control VulnerabilityAn improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. |
Sonicos
|
| CVE-2024-29014 | Jul 18, 2024 |
Arbitrary Code Exec in SonicWall SMA100 NetExtender <10.2.339 Windows ClientVulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. |
Netextender
|
| CVE-2024-40764 | Jul 18, 2024 |
SonicOS IPSec VPN Heap Overflow DoSHeap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). |
Sonicos
|
| CVE-2024-3596 | Jul 09, 2024 |
RADIUS MD5 Response Authenticator Forgery via Chosen-Prefix CollisionRADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. |
Sonicos
|
| CVE-2024-29013 | Jun 20, 2024 |
Heap BOverflow in SonicOS SSLVPN memcpy Causing DoSHeap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. |
Sonicos
|
| CVE-2024-29012 | Jun 20, 2024 |
SonicOS HTTP Server Stack Overflow Causing DoS (CVE-2024-29012)Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. |
Sonicos
|
| CVE-2024-22396 | Mar 14, 2024 |
SonicOS IPSec IKEv2 Int Buffer OverflowAn Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. |
Sonicos
|
| CVE-2024-22397 | Mar 14, 2024 |
SonicOS SSLVPN Portal XSS for Authenticated Admin UsersImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code. |
Sonicos
|
| CVE-2024-22394 | Feb 08, 2024 |
Improper Auth Bypass in SonicWall SonicOS 7.1.1-7040 SSL-VPNAn improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. |
Sonicos
|
| CVE-2023-6340 | Jan 18, 2024 |
SonicWall Capture Client 3.7.10 & NetExtender <=10.2.337 DoS via sfpmonitor.sys Buffer OverflowSonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability. |
Netextender
Capture Client
|
| CVE-2023-44221 | Dec 05, 2023 |
OS Command Injection via SMA100 SSL-VPN ManagementImproper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. |
|
| CVE-2023-44220 | Oct 27, 2023 |
DLL Search Order Hijack in SonicWall NetExtender <10.2.336SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. |
Netextender
|
| CVE-2023-39276 | Oct 17, 2023 |
SonicWall SonicOS buffer overflow in getBookmarkList.jsonSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash. |
Sonicos
|
| CVE-2023-41715 | Oct 17, 2023 |
SonicOS SSLVPN Tunnel PostAuth Privilege EscalationSonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. |
Sonicos
|
| CVE-2023-41713 | Oct 17, 2023 |
SonicOS Hard-coded Password in dynHandleBuyToolbar DemoSonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. |
Sonicos
|
| CVE-2023-41712 | Oct 17, 2023 |
SonicOS SSL VPN Buffer Overflow CVE-2023-41712SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash. |
Sonicos
|
| CVE-2023-41711 | Oct 17, 2023 |
SonicOS sonicwall.exp/Prefs.exp PostAuth Stack Overflow (CVE202341711)SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash. |
Sonicos
|
| CVE-2023-39280 | Oct 17, 2023 |
SonicOS POST Auth Stack Buffer Overflow in ssoStats-s.xml/wriSonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash. |
Sonicos
|
| CVE-2023-39279 | Oct 17, 2023 |
SonicOS getPacketReplayData.JSON SB-Buffer Overflow Crashes FirewallSonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash. |
Sonicos
|
| CVE-2023-39278 | Oct 17, 2023 |
SonicOS main.cgi Stack-Based Buffer Overflow via Post-Auth Assertion FailureSonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash. |
Sonicos
|
| CVE-2023-39277 | Oct 17, 2023 |
SonicOS Buffer Overflow in sonicflow.csv causes firewall crashSonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash. |
Sonicos
|
| CVE-2023-44217 | Oct 03, 2023 |
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versionsA local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. |
Netextender
|
| CVE-2023-44218 | Oct 03, 2023 |
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privilegesA flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. |
Netextender
|
| CVE-2023-34131 | Jul 13, 2023 |
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pagesExposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34135 | Jul 13, 2023 |
Path Traversal vulnerability in SonicWall GMS and AnalyticsPath Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34137 | Jul 13, 2023 |
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerabilitySonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34136 | Jul 13, 2023 |
Vulnerability in SonicWall GMS and AnalyticsVulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34134 | Jul 13, 2023 |
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and AnalyticsExposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34132 | Jul 13, 2023 |
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacksUse of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34133 | Jul 13, 2023 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and AnalyticsImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34129 | Jul 13, 2023 |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and AnalyticsImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34130 | Jul 13, 2023 |
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive dataSonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34124 | Jul 13, 2023 |
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypassThe authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34128 | Jul 13, 2023 |
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration fileTomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34127 | Jul 13, 2023 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMSImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34126 | Jul 13, 2023 |
Vulnerability in SonicWall GMS and AnalyticsVulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|
| CVE-2023-34125 | Jul 13, 2023 |
Path Traversal vulnerability in GMS and AnalyticsPath Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
Global Management System
Analytics
|