A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
2021-02-04T06:15:13.817
2025-03-14T17:00:01.730
Analyzed
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | sonicwall | sma_100_firmware | < 10.2.0.5-d-29sv | Yes |
Hardware | sonicwall | sma_100 | - | No |
Operating System | sonicwall | sma_200_firmware | - | Yes |
Hardware | sonicwall | sma_200 | - | No |
Operating System | sonicwall | sma_210_firmware | - | Yes |
Hardware | sonicwall | sma_210 | - | No |
Operating System | sonicwall | sma_400_firmware | - | Yes |
Hardware | sonicwall | sma_400 | - | No |
Operating System | sonicwall | sma_410_firmware | - | Yes |
Hardware | sonicwall | sma_410 | - | No |
Application | sonicwall | sma_500v | - | Yes |