CVE-2019-7486

HIGH

SonicWall SMA100 <9.0.0.4 - Code Injection

Title source: llm

Description

Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.

References (1)

[Vendor Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0021

Scores

CVSS v3 8.8

EPSS 0.0068

EPSS Percentile 71.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-94

Status published

Affected Products (1)

sonicwall/sma_100_firmware < 9.0.0.4

Timeline

Published Dec 19, 2019

Tracked Since Feb 18, 2026