HIGH🇬🇧 English

CVE-2026-4112

CVSS 7.2pub. 2026-04-09upd. 2026-05-14

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Sma6200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma6200 Firmware

    OS
    Sonicwall
    < 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)
  • Sonicwall Sma6210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma6210 Firmware

    OS
    Sonicwall
    < 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)
  • Sonicwall Sma7200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma7200 Firmware

    OS
    Sonicwall
    12.5.0 – 12.5.0-02624 (bez)< 12.4.3-03387
  • Sonicwall Sma7210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma7210 Firmware

    OS
    Sonicwall
    < 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)
  • Sonicwall Sma8200v

    APP
    Sonicwall
    < 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLiLPE
CWE
Referencje

Powiązane podatności

CVE-2025-23006CRITICAL9.8⚠ KEVPL ✓ten sam produkt

SonicWall SMA1000 — pre-auth deserialization umożliwiający RCE

CVE-2026-4113HIGH7.2ten sam produkt

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote at...

CVE-2026-4116HIGH7.2ten sam produkt

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...

CVE-2025-40602MEDIUM6.6⚠ KEVten sam produkt

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 applianc...

CVE-2026-4114MEDIUM6.6ten sam produkt

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...

CVE-2026-4112 — HIGH 7.2 | CVEbaza.pl