Sunday, April 6, 2025
HomeCVE/vulnerabilityMultiple SonicWall Vulnerabilities Let Attackers Execute Remote Code

Multiple SonicWall Vulnerabilities Let Attackers Execute Remote Code

Published on

SIEM as a Service

Follow Us on Google News

SonicWall has issued a critical alert regarding multiple vulnerabilities in its Secure Mobile Access (SMA) 100 series SSL-VPN appliances.

These vulnerabilities could allow attackers to execute remote code, bypass authentication, or compromise system integrity.

SonicWall urges users to take immediate action by updating their devices to the latest firmware to mitigate these risks.

These issues affect SMA 200, 210, 400, 410, and 500v appliances running firmware version 10.2.1.13-72sv or earlier. Products from the SonicWall SSL VPN SMA1000 series are confirmed to be unaffected.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Vulnerability List

  1. CVE-2024-38475: Path Traversal Vulnerability
    Originating from Apache HTTP Server’s mod_rewrite module, this vulnerability allows attackers to map URLs to sensitive filesystem locations, potentially exposing restricted files.
  2. CVE-2024-40763: Heap-Based Buffer Overflow
    A heap-based buffer overflow in SMA100 devices, caused by improper memory handling, can be exploited by attackers to execute malicious code or crash the system.
  3. CVE-2024-45318: Stack-Based Buffer Overflow
    A vulnerability in the SMA100 web management interface permits attackers to trigger a stack-based buffer overflow, potentially allowing the execution of arbitrary code on the device.
  4. CVE-2024-45319: Certificate-Based Authentication Bypass
    This flaw allows attackers to bypass the certificate requirement during authentication, granting unauthorized access to the system.
  5. CVE-2024-53702: Insecure Randomness
    The use of a weak pseudo-random number generator (PRNG) in the SMA100 backup code mechanism can enable attackers to predict the output, potentially exposing sensitive information.
  6. CVE-2024-53703: Stack-Based Buffer Overflow in Apache
    A stack-based buffer overflow in the mod_httprp library used by SMA100 devices running Apache allows attackers to execute arbitrary code remotely.

Affected Products

The vulnerabilities impact the SonicWall SMA 100 series (SMA 200, 210, 400, 410, 500v), specifically firmware version 10.2.1.13-72sv and earlier.

The following table provides a detailed summary of affected products and versions:

Product SeriesProduct ModelsAffected Firmware Version
SonicWall SMA 100SMA 200, SMA 21010.2.1.13-72sv and earlier
SMA 400, SMA 41010.2.1.13-72sv and earlier
SMA 500v10.2.1.13-72sv and earlier
SonicWall SMA 1000All modelsNot affected

SonicWall recommends all users immediately update to the latest firmware to address these issues.

SonicWall has stated there is currently no evidence of active exploitation in the wild, but given the severity of these vulnerabilities, organizations are urged to act without delay.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses



Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir...

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti...

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing...

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir...

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti...

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing...