SonicWall CVE coverage for firewalls, VPN, secure mobile access, and SMB edge-security appliances.
Vendor watch hub
The SonicWallwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Tracked
Active
Featured
Unique CVEs
Most recent entry
Dec 16, 2025, 6:00 PM
Feed refreshes daily · 5:15 a.m. Central
Sources·CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 15 most recent items, newest first. Each row links to the official advisory.
15 rows · sorted newest first
Operations viewSonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.
SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.
SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.
SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication. Known ransomware use: Known.
SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands. Known ransomware use: Known.
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. Known ransomware use: Known.
SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. Known ransomware use: Known.
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. Known ransomware use: Known.
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation. Known ransomware use: Known.
SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. Known ransomware use: Known.
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. Known ransomware use: Known.
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation. Known ransomware use: Known.
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation. Known ransomware use: Known.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
SonicWall SMA1000 Missing Authorization VulnerabilitySonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices. SMA1000 appliance | criticalCVE-2025-40602 Critical | active | Dec 16, 2025, 6:00 PM | CISA KEVOpen source |
SonicWall SMA100 Appliances OS Command Injection VulnerabilitySonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user. SMA100 Appliances | criticalCVE-2023-44221 Critical | active | Apr 30, 2025, 7:00 PM | CISA KEVOpen source |
SonicWall SMA100 Appliances OS Command Injection VulnerabilitySonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution. SMA100 Appliances | criticalCVE-2021-20035 Critical | active | Apr 15, 2025, 7:00 PM | CISA KEVOpen source |
SonicWall SonicOS SSLVPN Improper Authentication VulnerabilitySonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication. Known ransomware use: Known. SonicOS | criticalCVE-2024-53704 Critical | active | Feb 17, 2025, 6:00 PM | CISA KEVOpen source |
SonicWall SMA1000 Appliances Deserialization VulnerabilitySonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands. Known ransomware use: Known. SMA1000 Appliances | criticalCVE-2025-23006 Critical | active | Jan 23, 2025, 6:00 PM | CISA KEVOpen source |
SonicWall SonicOS Improper Access Control VulnerabilitySonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. Known ransomware use: Known. SonicOS | criticalCVE-2024-40766 Critical | active | Sep 8, 2024, 7:00 PM | CISA KEVOpen source |
SonicWall Secure Remote Access (SRA) SQL Injection VulnerabilitySonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. Known ransomware use: Known. Secure Remote Access (SRA) | criticalCVE-2021-20028 Critical | active | Mar 27, 2022, 7:00 PM | CISA KEVOpen source |
SonicWall SMA100 Directory Traversal VulnerabilityIn SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. SMA100 | criticalCVE-2019-7483 Critical | active | Mar 27, 2022, 7:00 PM | CISA KEVOpen source |
SonicWall SonicOS Buffer Overflow VulnerabilityA buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. SonicOS | criticalCVE-2020-5135 Critical | active | Mar 14, 2022, 7:00 PM | CISA KEVOpen source |
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow VulnerabilitySonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. Known ransomware use: Known. SMA 100 Appliances | criticalCVE-2021-20038 Critical | active | Jan 27, 2022, 6:00 PM | CISA KEVOpen source |
SonicWall Email Security Improper Privilege Management VulnerabilitySonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation. Known ransomware use: Known. SonicWall Email Security | criticalCVE-2021-20021 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
SonicWall SMA100 SQL Injection VulnerabilitySonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. Known ransomware use: Known. SMA100 | criticalCVE-2019-7481 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
SonicWall SSLVPN SMA100 SQL Injection VulnerabilitySonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. Known ransomware use: Known. SSLVPN SMA100 | criticalCVE-2021-20016 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
SonicWall Email Security Path Traversal VulnerabilitySonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation. Known ransomware use: Known. SonicWall Email Security | criticalCVE-2021-20023 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
SonicWall Email Security Unrestricted Upload of File VulnerabilitySonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation. Known ransomware use: Known. SonicWall Email Security | criticalCVE-2021-20022 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the managed firewall services pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the SonicWall-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current SonicWall issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map SonicWall advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.