CVE-2019-7483
HIGH KEVSonicWall SMA 100 Firmware < 9.0.0.4 - Unauthenticated Path Traversal via handleWAFRedirect CGI
Title source: llmExploitation Summary
CVE-2019-7483 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 28, 2022.
Description
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0018
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7483
Scores
CVSS v3
7.5
EPSS
0.4788
EPSS Percentile
97.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2022-03-28
VulnCheck KEV
2022-03-28
InTheWild.io
2022-03-28
ENISA EUVD
EUVD-2019-17025
CWE
CWE-22
Status
published
Products (1)
sonicwall/sma_100_firmware
< 9.0.0.4
Published
Dec 19, 2019
KEV Added
Mar 28, 2022
Tracked Since
Feb 18, 2026