Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

sma8200v

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

6
Related CVEsRelated VendorsRelated AssignersReports
6Vulnerabilities found
CVE-2026-4116
Assigner-SonicWall, Inc.
ShareView Details
Assigner-SonicWall, Inc.
CVSS Score-7.2||HIGH
EPSS-0.16% / 36.80%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 14:27
Updated-14 May, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma8200vsma6200sma6200_firmwaresma6210sma7200sma6210_firmwaresma7210_firmwaresma7210sma7200_firmwareSMA1000
CWE ID-CWE-176
Improper Handling of Unicode Encoding
CVE-2026-4114
Assigner-SonicWall, Inc.
ShareView Details
Assigner-SonicWall, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.04% / 11.99%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 14:25
Updated-14 May, 2026 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma8200vsma6200sma6200_firmwaresma6210sma7200sma6210_firmwaresma7210_firmwaresma7210sma7200_firmwareSMA1000
CWE ID-CWE-176
Improper Handling of Unicode Encoding
CVE-2026-4113
Assigner-SonicWall, Inc.
ShareView Details
Assigner-SonicWall, Inc.
CVSS Score-7.2||HIGH
EPSS-0.10% / 27.18%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 14:23
Updated-14 May, 2026 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma8200vsma6200sma6200_firmwaresma7200sma6210sma6210_firmwaresma7210_firmwaresma7210sma7200_firmwareSMA1000
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2026-4112
Assigner-SonicWall, Inc.
ShareView Details
Assigner-SonicWall, Inc.
CVSS Score-7.2||HIGH
EPSS-0.03% / 9.94%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 14:22
Updated-14 May, 2026 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma8200vsma6200sma6200_firmwaresma6210sma7200sma6210_firmwaresma7210_firmwaresma7210sma7200_firmwareSMA1000
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-40602
Assigner-SonicWall, Inc.
ShareView Details
Assigner-SonicWall, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.39% / 60.15%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 10:58
Updated-19 Dec, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-12-24||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Action-Not Available
Vendor-SonicWall Inc.
Product-sma7210_firmwaresma6210sma8200vsma7200_firmwaresma7210sma6210_firmwaresma6200sma6200_firmwaresma7200SMA1000SMA1000 appliance
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-862
Missing Authorization
CVE-2025-23006
Assigner-SonicWall, Inc.
ShareView Details
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-50.07% / 97.88%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 11:37
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-14||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

Action-Not Available
Vendor-SonicWall Inc.
Product-sra_ex7000sma7210sma6210sra_ex7000_firmwaresma7210_firmwaresma6200_firmwaresma7200_firmwaresma7200sra_ex6000_firmwaresra_ex9000_firmwaresra_ex9000sma8200vsma6210_firmwaresma6200sra_ex6000SMA1000SMA1000 Appliances
CWE ID-CWE-502
Deserialization of Untrusted Data