SSRF Vulnerability in SMA1000 Appliance Firmware Could Lead to Unintended IP Address Requests
CVE-2024-45317

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Sma1000
Vendor: CVE Published:; 11 October 2024

Summary

A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.

Affected Version(s)

SMA1000 Linux 12.4.3-02676 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Aug 26, 2024

Credit

Wenjie Zhong (H4lo) of Webin DBappSecurity Co., Ltd.