Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-40601

Summary
Assigner-sonicwall
Assigner Org ID-44b2ff79-1416-4492-88bb-ed0da00c7315
Published At-20 Nov, 2025 | 12:26
Updated At-20 Nov, 2025 | 18:31
Rejected At-
Credits

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:sonicwall
Assigner Org ID:44b2ff79-1416-4492-88bb-ed0da00c7315
Published At:20 Nov, 2025 | 12:26
Updated At:20 Nov, 2025 | 18:31
Rejected At:
â–¼CVE Numbering Authority (CNA)

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

Affected Products
Vendor
SonicWall Inc.SonicWall
Product
SonicOS
Platforms
  • Linux
Default Status
unknown
Versions
Affected
  • 7.3.0-7012 and older versions
  • 8.0.2-8011 and older versions
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Saikiran Madugula of SonicWall
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016
vendor-advisory
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT@sonicwall.com
Published At:20 Nov, 2025 | 15:17
Updated At:12 Dec, 2025 | 15:57

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
SonicWall Inc.
sonicwall
>>sonicos>>Versions from 7.1.1-7040(inclusive) to 7.3.1-7013(exclusive)
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsa_2700>>-
cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsa_3700>>-
cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsa_4700>>-
cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsa_5700>>-
cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsa_6700>>-
cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nssp_10700>>-
cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nssp_11700>>-
cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nssp_13700>>-
cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nssp_15700>>-
cpe:2.3:h:sonicwall:nssp_15700:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsv270>>-
cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsv470>>-
cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsv870>>-
cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz270>>-
cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz270w>>-
cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz370>>-
cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz370w>>-
cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz470>>-
cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz470w>>-
cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz570>>-
cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz570p>>-
cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz570w>>-
cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz670>>-
cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sonicos>>Versions before 8.0.3-8011(exclusive)
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsa_2800>>-
cpe:2.3:h:sonicwall:nsa_2800:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsa_3800>>-
cpe:2.3:h:sonicwall:nsa_3800:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsa_4800>>-
cpe:2.3:h:sonicwall:nsa_4800:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>nsa_5800>>-
cpe:2.3:h:sonicwall:nsa_5800:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz280>>-
cpe:2.3:h:sonicwall:tz280:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz380>>-
cpe:2.3:h:sonicwall:tz380:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz480>>-
cpe:2.3:h:sonicwall:tz480:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz580>>-
cpe:2.3:h:sonicwall:tz580:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz680>>-
cpe:2.3:h:sonicwall:tz680:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz80>>-
cpe:2.3:h:sonicwall:tz80:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121SecondaryPSIRT@sonicwall.com
CWE ID: CWE-121
Type: Secondary
Source: PSIRT@sonicwall.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016PSIRT@sonicwall.com
Vendor Advisory
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016
Source: PSIRT@sonicwall.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

262Records found
CVE-2024-29012
Matching Score-10
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-10
Assigner-SonicWall, Inc.
CVSS Score-4.9||MEDIUM
EPSS-2.25% / 84.24%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 08:11
Updated-25 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670nssp_11700nssp_10700tz270nsa_2700nsv_470tz470nsa_6700tz270wtz570ptz570nsv_270sonicosnssp_13700tz370tz470wnsa_3700tz370wnsa_5700nsa_4700nsv_870tz570wSonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0656
Matching Score-10
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-10
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-38.43% / 97.13%
||
7 Day CHG~0.00%
Published-02 Mar, 2023 | 00:00
Updated-07 Mar, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670sonicosnsa_3700nsa_2700nssp_15700nsa_6700nsv_25nsv_100nssp_13700nssp_11700tz470tz570nsa_5700nsv_270nsv_200nsv_50nsv_470nsa_4700nsv_400tz270wnsv_1600tz570wtz570pnsv_800tz370nsv_300tz470wnsv_10tz370wnsv_870nssp_10700tz270SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-40764
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-6.41% / 90.83%
||
7 Day CHG~0.00%
Published-18 Jul, 2024 | 07:42
Updated-10 Sep, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670nsv100sonicosnsa_3700nsa_2700nssp_15700nsv400nsa_6700nsv200nssp_13700nsv50nssp_11700tz470tz570nsv300nsa_5700nsv_270nsv800nsv_470nsa_4700nsv25tz270wtz570wtz570ptz370tz470wtz370wnsv_870nssp_10700nsv1600tz270nsv10SonicOSsonicos
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-12258
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.64% / 93.49%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 20:00
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

Action-Not Available
Vendor-windriverbeldenn/aNetApp, Inc.Siemens AGSonicWall Inc.
Product-power_meter_9810_firmwarehirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018power_meter_9410_firmwarehirschmann_grs1042siprotec_5_firmwareruggedcom_win7000ruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwaree-series_santricity_os_controllervxworkshirschmann_msp40hirschmann_octopus_os3hirschmann_rsp30hirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_eesx30hirschmann_grs1020hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25power_meter_9410power_meter_9810ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-384
Session Fixation
CVE-2019-12259
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-24.46% / 95.98%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 18:05
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

Action-Not Available
Vendor-windriverbeldenn/aSiemens AGSonicWall Inc.
Product-hirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018hirschmann_grs10429410_power_meter_firmwareruggedcom_win7000siprotec_5_firmwareruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwarevxworkshirschmann_msp40hirschmann_octopus_os39810_power_meterhirschmann_rsp309410_power_meter9810_power_meter_firmwarehirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_eesx30hirschmann_grs1020hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-20041
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.99%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 09:55
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_410_firmwaresma_210sma_410sma_400_firmwaresma_210_firmwaresma_500v_firmwaresma_500vsma_200_firmwaresma_200sma_400SonicWall SMA100
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-20027
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.12%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 22:30
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670tz500wnsa_3700sonicosnsa_2700nssp_15700nsa_6700tz300nsa_9250tz400tz350wnsa_9450nsv_25tz300wnsa_6650nsv_100nssp_12800nssp_13700nsa_4650nsa_2650tz400wtz470tz570nssp_12400soho_250tz600psupermassive_e10200supermassive_e10800nsa_3650supermassive_e10400nsv_270nsv_200nsv_50nsv_470nsa_4700nsv_400tz270wnsv_1600tz600supermassive_9800tz570wtz300ptz350supermassive_9600tz570pnsv_800supermassive_9200tz370nsv_300tz470wsupermassive_9400nsv_10tz370wnsa_5650nsv_870tz500soho_250wtz270nsa_9650SonicOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-22275
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.14%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 16:25
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670tz500wsonicosnsa_3700nsa_2700nsa_6700tz300nsa_9250tz400tz350wnsa_9450nsv_25nsa_6650tz300wnsv_100nssp_12800nssp_13700nsa_2650nsa_4650tz400wtz470tz570soho_250nssp_11700tz600pnssp_12400nsa_3650nsa_5700nsv_270nsv_200nsv_50nsv_470nsa_4700nsv_400tz270wtz600tz570wtz300ptz350tz570pnsv_800tz370nsv_300tz470wnsv_10tz370wnsa_5650nsv_870tz500nssp_10700soho_250wtz270nsa_9650SonicOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-22278
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.14%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 16:25
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack

Action-Not Available
Vendor-SonicWall Inc.
Product-nsv_200_firmwaretz670tz500wnssp_15700nsa_3700nsa_2700tz400tz500_firmwaretz470w_firmwaretz300p_firmwarensv_25_firmwarensv_100nssp_13700nssp_10700_firmwarensa_9450_firmwarensa_2650tz350w_firmwarenssp_12400tz400w_firmwarensv_270nsv_50_firmwarensa_9650_firmwarensv_50nsv_470nsv_400tz600p_firmwaretz670_firmwarensv_1600nsa_3700_firmwaretz600tz300w_firmwarensa_2700_firmwaretz300pnsa_2650_firmwaretz350tz570p_firmwarensv_300_firmwarenssp_15700_firmwarensa_6650_firmwarenssp_13700_firmwarenssp_12400_firmwarenssp_11700_firmwaretz370nssp_12800_firmwaretz470wnsv_10tz370wnsa_5650nsa_4700_firmwarensv_870tz470_firmwarensa_6700_firmwaretz600_firmwarenssp_10700nsv_10_firmwarensa_9650tz350_firmwarensa_4650_firmwarensv_100_firmwarensa_6700nsa_3650_firmwarensa_9250tz350wnsa_9450nsv_25tz300wtz570_firmwarensa_6650nssp_12800nsa_4650nssp_11700tz400wtz570nsv_400_firmwaretz470tz600pnsv_870_firmwaretz500w_firmwarensv_800_firmwarensa_3650nsa_5700nsv_200nsa_4700nsa_5700_firmwaretz370w_firmwaretz570wtz370_firmwaretz570pnsv_800nsv_470_firmwarensv_300nsa_9250_firmwarensv_1600_firmwaretz570w_firmwarensa_5650_firmwaretz500tz400_firmwarensv_270_firmwareSonicOS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-5138
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.34%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 10:40
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

Action-Not Available
Vendor-SonicWall Inc.
Product-sonicossonicosvSonicOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5139
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.69%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 10:40
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

Action-Not Available
Vendor-SonicWall Inc.
Product-sonicossonicosvSonicOS
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2020-5137
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.34%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 10:40
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

Action-Not Available
Vendor-SonicWall Inc.
Product-sonicossonicosvSonicOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-5140
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.69%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 10:40
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

Action-Not Available
Vendor-SonicWall Inc.
Product-sonicossonicosvSonicOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-5129
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.98%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 03:35
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma1000sma1000_firmwareSMA1000
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2020-5133
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.75%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 10:40
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

Action-Not Available
Vendor-SonicWall Inc.
Product-sonicossonicosvSonicOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-40597
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.22%
||
7 Day CHG+0.02%
Published-23 Jul, 2025 | 14:48
Updated-07 Aug, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_210sma_500v_firmwaresma_500vsma_410_firmwaresma_210_firmwaresma_410SMA 100 Series
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-32818
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.21%
||
7 Day CHG+0.11%
Published-23 Apr, 2025 | 19:24
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

Action-Not Available
Vendor-SonicWall Inc.
Product-SonicOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-7482
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-65.25% / 98.43%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 00:35
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_100_firmwaresma_100SMA100
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41712
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.74%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 22:26
Updated-13 Sep, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670nsv100nssp11700sonicosnsv1600nsv400nsa6700tz_400wnsv870sohownsa_6650sm_9400nsv200nssp10700tz_300nsv50tz470tz570nsa_2650nsa_4650soho_250tz_600pnsv300nsa_4600sm_9250nsa2700nsa_3650tz_500wnsv800tz_300wtz270wnsa_6600tz570wsm_9600nsa_2600nsv470tz_500nsa5700tz570ptz_600nssp13700tz370tz470wnsa4700tz370wtz_300ptz_350nssp15700nsa_5600nsa_5650sm_9200sm_9650nsa3700tz_400nsv270sm_9450soho_250wnsv25tz270nsa_3600nsv10SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41711
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.74%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 22:20
Updated-13 Sep, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670nsv100nssp11700sonicosnsv1600nsv400nsa6700tz_400wnsv870sohownsa_6650sm_9400nsv200nssp10700tz_300nsv50tz470tz570nsa_2650nsa_4650soho_250tz_600pnsv300nsa_4600sm_9250nsa2700nsa_3650tz_500wnsv800tz_300wtz270wnsa_6600tz570wsm_9600nsa_2600nsv470tz_500nsa5700tz570ptz_600nssp13700tz370tz470wnsa4700tz370wtz_300ptz_350nssp15700nsa_5600nsa_5650sm_9200sm_9650nsa3700tz_400nsv270sm_9450soho_250wnsv25tz270nsa_3600nsv10SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39278
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.74%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 22:12
Updated-13 Sep, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670nsv100nssp11700sonicosnsv1600nsv400nsa6700tz_400wnsv870sohownsa_6650sm_9400nsv200nssp10700tz_300nsv50tz470tz570nsa_2650nsa_4650soho_250tz_600pnsv300nsa_4600sm_9250nsa2700nsa_3650tz_500wnsv800tz_300wtz270wnsa_6600tz570wsm_9600nsa_2600nsv470tz_500nsa5700tz570ptz_600nssp13700tz370tz470wnsa4700tz370wtz_300ptz_350nssp15700nsa_5600nsa_5650sm_9200sm_9650nsa3700tz_400nsv270sm_9450soho_250wnsv25tz270nsa_3600nsv10SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39279
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.74%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 22:15
Updated-13 Sep, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670nsv100nssp11700sonicosnsv1600nsv400nsa6700tz_400wnsv870sohownsa_6650sm_9400nsv200nssp10700tz_300nsv50tz470tz570nsa_2650nsa_4650soho_250tz_600pnsv300nsa_4600sm_9250nsa2700nsa_3650tz_500wnsv800tz_300wtz270wnsa_6600tz570wsm_9600nsa_2600nsv470tz_500nsa5700tz570ptz_600nssp13700tz370tz470wnsa4700tz370wtz_300ptz_350nssp15700nsa_5600nsa_5650sm_9200sm_9650nsa3700tz_400nsv270sm_9450soho_250wnsv25tz270nsa_3600nsv10SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12803
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-7.2||HIGH
EPSS-2.78% / 85.73%
||
7 Day CHG+2.35%
Published-09 Jan, 2025 | 07:21
Updated-17 Jan, 2025 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

Action-Not Available
Vendor-SonicWall Inc.
Product-SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-6340
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.39%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 23:57
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.

Action-Not Available
Vendor-SonicWall Inc.
Product-netextendercapture_clientNetExtenderCapture Client
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39276
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 69.87%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 22:04
Updated-13 Sep, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670nsv100nssp11700sonicosnsv1600nsv400nsa6700tz_400wnsv870sohownsa_6650sm_9400nsv200nssp10700tz_300nsv50tz470tz570nsa_2650nsa_4650soho_250tz_600pnsv300nsa_4600sm_9250nsa2700nsa_3650tz_500wnsv800tz_300wtz270wnsa_6600tz570wsm_9600nsa_2600nsv470tz_500nsa5700tz570ptz_600nssp13700tz370tz470wnsa4700tz370wtz_300ptz_350nssp15700nsa_5600nsa_5650sm_9200sm_9650nsa3700tz_400nsv270sm_9450soho_250wnsv25tz270nsa_3600nsv10SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39280
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.74%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 22:17
Updated-13 Sep, 2024 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670nsv100nssp11700sonicosnsv1600nsv400nsa6700tz_400wnsv870sohownsa_6650sm_9400nsv200nssp10700tz_300nsv50tz470tz570nsa_2650nsa_4650soho_250tz_600pnsv300nsa_4600sm_9250nsa2700nsa_3650tz_500wnsv800tz_300wtz270wnsa_6600tz570wsm_9600nsa_2600nsv470tz_500nsa5700tz570ptz_600nssp13700tz370tz470wnsa4700tz370wtz_300ptz_350nssp15700nsa_5600nsa_5650sm_9200sm_9650nsa3700tz_400nsv270sm_9450soho_250wnsv25tz270nsa_3600nsv10SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22281
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.29%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 19:40
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.

Action-Not Available
Vendor-SonicWall Inc.
Product-netextenderSonicWall NetExtender Windows (32 and 64 bit) Client
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-22274
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-47.00% / 97.59%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 23:05
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670sonicosnsa_3700nsa_2700nssp_15700nsa_6700nsv_25nsv_100nssp_13700nssp_11700tz470tz570nsa_5700nsv_270sonicosvnsv_200nsv_50nsv_470nsa_4700nsv_400tz270wnsv_1600tz570wtz570pnsv_800tz370nsv_300tz470wnsv_10tz370wnsv_870nssp_10700tz270SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20038
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.29% / 99.94%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 09:55
Updated-31 Oct, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-02-11||Apply updates per vendor instructions.

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_500vsma_500v_firmwaresma_200_firmwaresma_410_firmwaresma_200sma_210sma_410sma_210_firmwaresma_400_firmwaresma_400SonicWall SMA100SMA 100 Appliances
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20046
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-8.8||HIGH
EPSS-1.13% / 77.97%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 03:00
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670tz500wnsa_3700sonicosnsa_2700nssp_15700nsa_6700tz300nsa_9250tz400tz350wnsa_9450nsv_25tz300wnsa_6650nsv_100nssp_12800nssp_13700nsa_4650nsa_2650tz400wtz470tz570nssp_12400supermassive_e10200tz600psupermassive_e10800soho_250nsa_3650supermassive_e10400nsv_270nsv_200nsv_50nsv_470nsa_4700nsv_400tz270wnsv_1600tz600supermassive_9800tz570wtz300ptz350supermassive_9600tz570pnsv_800supermassive_9200tz370nsv_300tz470wsupermassive_9400nsv_10tz370wnsa_5650nsv_870tz500soho_250wtz270nsa_9650SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20048
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-8.8||HIGH
EPSS-1.13% / 77.97%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 03:00
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670tz500wsonicosnsa_3700nsa_2700nssp_15700nsa_6700tz300nsa_9250tz400tz350wnsa_9450nsv_25tz300wnsa_6650nsv_100nssp_12800nssp_13700nsa_2650nsa_4650tz400wtz470tz570nssp_12400supermassive_e10200tz600psupermassive_e10800soho_250nsa_3650supermassive_e10400nsv_270nsv_200nsv_50nsv_470nsa_4700nsv_400tz270wnsv_1600tz600supermassive_9800tz570wtz300ptz350supermassive_9600tz570pnsv_800supermassive_9200tz370nsv_300tz470wsupermassive_9400nsv_10tz370wnsa_5650nsv_870tz500soho_250wtz270nsa_9650SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-40596
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-7.3||HIGH
EPSS-0.14% / 33.51%
||
7 Day CHG+0.02%
Published-23 Jul, 2025 | 14:46
Updated-07 Aug, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_210sma_500v_firmwaresma_500vsma_410_firmwaresma_210_firmwaresma_410SMA 100 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-39277
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.74%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 22:08
Updated-13 Sep, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670nsv100nssp11700sonicosnsv1600nsv400nsa6700tz_400wnsv870sohownsa_6650sm_9400nsv200nssp10700tz_300nsv50tz470tz570nsa_2650nsa_4650soho_250tz_600pnsv300nsa_4600sm_9250nsa2700nsa_3650tz_500wnsv800tz_300wtz270wnsa_6600tz570wsm_9600nsa_2600nsv470tz_500nsa5700tz570ptz_600nssp13700tz370tz470wnsa4700tz370wtz_300ptz_350nssp15700nsa_5600nsa_5650sm_9200sm_9650nsa3700tz_400nsv270sm_9450soho_250wnsv25tz270nsa_3600nsv10SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-53703
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-8.1||HIGH
EPSS-29.15% / 96.46%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 13:59
Updated-04 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_500vsma_500v_firmwaresma_200_firmwaresma_410_firmwaresma_200sma_210sma_410sma_210_firmwaresma_400_firmwaresma_400SMA100sma100_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-45318
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-8.1||HIGH
EPSS-2.26% / 84.30%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 13:43
Updated-04 Nov, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_500vsma_500v_firmwaresma_200_firmwaresma_410_firmwaresma_200sma_210sma_410sma_210_firmwaresma_400_firmwaresma_400SMA100sma100_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-41463
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.34%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-41492
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.03%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 00:00
Updated-07 Apr, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-41466
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.75%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25363
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-Not Assigned
Published-18 Feb, 2026 | 21:55
Updated-19 Feb, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.

Action-Not Available
Vendor-Alloksoft
Product-WMV to AVI MPEG DVD WMV Convertor
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-8276
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-7.5||HIGH
EPSS-0.73% / 72.28%
||
7 Day CHG~0.00%
Published-09 Mar, 2019 | 00:00
Updated-16 Sep, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

Action-Not Available
Vendor-uvncSiemens AGKaspersky Lab
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-33782
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.75%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 00:00
Updated-16 Jun, 2025 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.

Action-Not Available
Vendor-csiron/aFundanMPC
Product-multi-protocol_spdzn/aMP-SPDZ
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-32291
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 00:00
Updated-17 Mar, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w30ew30e_firmwaren/aw30e_firmwarew30e
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-3286
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.70%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 17:21
Updated-06 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printersprinter
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-31504
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.75%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remtoe attacker to cause a denial of service via the LINUXTCP server component.

Action-Not Available
Vendor-embedded-solutionsn/asila_embedded_solutions
Product-freemodbusn/afreemodbus
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-57440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.73%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 00:00
Updated-20 Jan, 2026 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl-3788dsl-3788_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-30083
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-8.61% / 92.23%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:59
Updated-17 Dec, 2025 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-30392
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.19% / 40.51%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 15:07
Updated-23 Jan, 2026 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series with SPC3 and MS-MPC/-MIC: When URL filtering is enabled and a specific URL request is received a flowd crash occurs

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx-spc3mx2008mx304mx2010mx204mx10004mx10008junosms-micmx240ms-mpcmx480mx2020mx960Junos OSjunos_os
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-28551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.34%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 00:00
Updated-13 Mar, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18ac18_firmwaren/aac18_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-27571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.26%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 00:00
Updated-30 Apr, 2025 | 11:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-libtorn/aszlbt
Product-lbt-t300-t390_firmwarelbt-t300-t390n/albt-t300-t390_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-27570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.09%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 00:00
Updated-30 Apr, 2025 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-libtorn/a
Product-lbt-t300-t390_firmwarelbt-t300-t390n/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found