CVE-2001-1104

SonicWALL SOHO Firmware - TCP Session Spoofing via Predictable Sequence Numbers

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1104.

AI-analyzed exploit summary The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function allows remote users to predict TCP initial sequence numbers (ISN) due to weak MD4-based generation, enabling session spoofing and bypassing IP-based access controls. The analysis references the specific function and file in the kernel code.

Description

SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.

Exploits (1)

exploitdb WRITEUP

remotelinux

https://www.exploit-db.com/exploits/19522

View Code ZIP pw:eip

The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function allows remote users to predict TCP initial sequence numbers (ISN) due to weak MD4-based generation, enabling session spoofing and bypassing IP-based access controls. The analysis references the specific function and file in the kernel code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Linux kernel (versions affected by CVE-2001-1104)

No auth needed

Prerequisites: Network access to the target system · Ability to observe or predict TCP sequence numbers

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/199632

Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/3098

Scores

EPSS 0.0697

EPSS Percentile 93.3%

Details

Status published

Products (3)

sonicwall/soho_firmware 4.0.0

sonicwall/soho_firmware 5.0.0

sonicwall/soho_firmware 5.1.5.0

Published Jul 25, 2001

Tracked Since Feb 18, 2026