Sonicwall: >> Sma6200 Firmware Security Vulnerabilities
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.
CVSS Score
7.2
EPSS Score
0.002
Published
2026-04-09
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
CVSS Score
7.2
EPSS Score
0.0
Published
2026-04-09
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
CVSS Score
7.2
EPSS Score
0.001
Published
2026-04-09
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.
CVSS Score
6.6
EPSS Score
0.0
Published
2026-04-09
CVE-2025-40602
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
Known exploited
CVSS Score
6.6
EPSS Score
0.004
Published
2025-12-18
CVE-2025-23006
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
Known exploited
CVSS Score
9.8
EPSS Score
0.501
Published
2025-01-23