Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HSonicwall Sma6200
HWSonicwallwszystkie wersjeSonicwall Sma6200 Firmware
OSSonicwall< 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)Sonicwall Sma6210
HWSonicwallwszystkie wersjeSonicwall Sma6210 Firmware
OSSonicwall< 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)Sonicwall Sma7200
HWSonicwallwszystkie wersjeSonicwall Sma7200 Firmware
OSSonicwall12.5.0 – 12.5.0-02624 (bez)< 12.4.3-03387Sonicwall Sma7210
HWSonicwallwszystkie wersjeSonicwall Sma7210 Firmware
OSSonicwall< 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)Sonicwall Sma8200v
APPSonicwall< 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
VPN
CWE
Powiązane podatności
CVE-2025-23006CRITICAL9.8⚠ KEVPL ✓ten sam produkt
SonicWall SMA1000 — pre-auth deserialization umożliwiający RCE
CVE-2026-4112HIGH7.2ten sam produkt
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 seri...
CVE-2026-4113HIGH7.2ten sam produkt
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote at...
CVE-2026-4116HIGH7.2ten sam produkt
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...
CVE-2025-40602MEDIUM6.6⚠ KEVten sam produkt
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 applianc...