COOEY // HUBcompliance · community · intelligence

FAIL › dossier

SonicWall vendor

15
failure events
1
zero-days
8
RCEs
15
on KEV
10
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 15 events

DateEventSevFlagsShameSummary
2025-01-24 CVE-2025-23006 critical ⚡RCE ⌖KEV 95 SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.
2024-09-09 CVE-2024-40766 critical ⚡RCE ⌖KEV 95 SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
2022-01-28 CVE-2021-20038 critical ⚡RCE ⌖KEV 95 SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
2021-11-03 CVE-2021-20022 critical ⚡RCE ⌖KEV 95 SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-200
2021-11-03 CVE-2019-7481 critical ⚡RCE ⌖KEV 95 SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.
2025-02-18 CVE-2024-53704 critical ⌖KEV 80 SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
2022-03-28 CVE-2021-20028 critical ⌖KEV 80 SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
2021-11-03 CVE-2021-20016 critical ◐0day ⌖KEV 80 SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
2021-11-03 CVE-2021-20023 critical ⌖KEV 80 SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve priv
2021-11-03 CVE-2021-20021 critical ⌖KEV 80 SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along
2025-05-01 CVE-2023-44221 high ⚡RCE ⌖KEV 65 SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.
2025-04-16 CVE-2021-20035 high ⚡RCE ⌖KEV 65 SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.
2022-03-15 CVE-2020-5135 high ⚡RCE ⌖KEV 65 A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
2025-12-17 CVE-2025-40602 high ⌖KEV 50 SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.
2022-03-28 CVE-2019-7483 high ⌖KEV 50 In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.