SonicWall SMA 500v and SMA 100 Series Firmware Heap Buffer Overflow


A remote code execution vulnerability exists in SonicWall SMA 100 Series and SMA 500v Series due to a heap buffer overflow in the ‘extensionsetting’ endpoint. A remote, authenticated attacker can send crafted HTTP POST requests to execute code on vulnerable targets as the ‘nobody’ user.

Vulnerability Identifiers

  • Exodus Intelligence: EIP-6a6472ab
  • MITRE: CVE-2022-2915

Vulnerability Metrics

  • CVSSv2 Score: 6.0

Vendor References

Discovery Credit

  • Sergi Martinez (Exodus Intelligence)

Disclosure Timeline

  • Disclosed to affected vendor: April 21st, 2022
  • Disclosed to public: January 12th, 2023

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).