FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2025-01-24 | CVE-2025-23006 | critical | ⚡RCE ⌖KEV | 95 | SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands. |
| 2024-09-09 | CVE-2024-40766 | critical | ⚡RCE ⌖KEV | 95 | SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. |
| 2022-01-28 | CVE-2021-20038 | critical | ⚡RCE ⌖KEV | 95 | SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. |
| 2021-11-03 | CVE-2021-20022 | critical | ⚡RCE ⌖KEV | 95 | SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-200 |
| 2021-11-03 | CVE-2019-7481 | critical | ⚡RCE ⌖KEV | 95 | SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. |
| 2025-02-18 | CVE-2024-53704 | critical | ⌖KEV | 80 | SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication. |
| 2022-03-28 | CVE-2021-20028 | critical | ⌖KEV | 80 | SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. |
| 2021-11-03 | CVE-2021-20016 | critical | ◐0day ⌖KEV | 80 | SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. |
| 2021-11-03 | CVE-2021-20023 | critical | ⌖KEV | 80 | SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve priv |
| 2021-11-03 | CVE-2021-20021 | critical | ⌖KEV | 80 | SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along |
| 2025-05-01 | CVE-2023-44221 | high | ⚡RCE ⌖KEV | 65 | SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user. |
| 2025-04-16 | CVE-2021-20035 | high | ⚡RCE ⌖KEV | 65 | SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution. |
| 2022-03-15 | CVE-2020-5135 | high | ⚡RCE ⌖KEV | 65 | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. |
| 2025-12-17 | CVE-2025-40602 | high | ⌖KEV | 50 | SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices. |
| 2022-03-28 | CVE-2019-7483 | high | ⌖KEV | 50 | In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. |