CVE-2023-0126
HIGH NUCLEISonicWall SMA1000 Firmware 12.4.2 - Unauthenticated Path Traversal
Title source: llmExploitation Summary
CVE-2023-0126 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.
Nuclei Templates (1)
SonicWall SMA1000 LFI
HIGHVERIFIEDby tess
Shodan:
title:"Appliance Management Console Login"
FOFA:
title="appliance management console login"
References (1)
Core 1
Core References
Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0001
Scores
CVSS v3
7.5
EPSS
0.7270
EPSS Percentile
99.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
sonicwall/sma1000_firmware
12.4.2
Published
Jan 19, 2023
Tracked Since
Feb 18, 2026