CVE-2022-1703 - AskarLabs CVE Database

CVE-2022-1703

Vendor Sonicwall

Product SMA100

Weakness CWE-78

Published June 3, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.

Key dates

02Disclosure timeline

June 3, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1703

Related vulnerabilities

04Related CVE

CVE-2026-5689 Totolink A7100RU cstecgi.cgi setNtpCfg os command injection CVE-2026-43991 JunoClaw: plugin-shell shell-injection bypass via substring blocklist CVE-2026-7204 Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection CVE-2022-3276 Puppetlabs-mysql Command Injection CVE-2024-22423 yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows

Identifiers

CVE CVE-2022-1703

CWE CWE-78

Affected versions

Vendor Sonicwall

Product SMA100

Affected 10.2.1.4-31sv and earlier

Vendor Sonicwall

Product SMA100

Affected 10.2.0.9-41sv and earlier