SonicWall SMA 500v and SMA 100 Series Firmware Heap Buffer Overflow

EIP-6a6472ab

A remote code execution vulnerability exists in SonicWall SMA 100 Series and SMA 500v Series due to a heap buffer overflow in the ‘extensionsetting’ endpoint. A remote, authenticated attacker can send crafted HTTP POST requests to execute code on vulnerable targets as the ‘nobody’ user.

Vulnerability Identifiers

  • Exodus Intelligence: EIP-6a6472ab
  • MITRE: CVE-2022-2915

Vulnerability Metrics

  • CVSSv2 Score: 6.0

Vendor References

Discovery Credit

  • Sergi Martinez (Exodus Intelligence)

Disclosure Timeline

  • Disclosed to affected vendor: April 21st, 2022
  • Disclosed to public: January 12th, 2023

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).