CVE-2023-0126

HIGH NUCLEI

SMA1000 <12.4.2 - Path Traversal

Title source: llm

Description

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.

Nuclei Templates (1)

SonicWall SMA1000 LFI

HIGHVERIFIEDby tess

Shodan: title:"Appliance Management Console Login"

FOFA: title="appliance management console login"

References (1)

[Vendor Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0001

Scores

CVSS v3 7.5

EPSS 0.9303

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

sonicwall/sma1000_firmware 12.4.2

Published Jan 19, 2023

Tracked Since Feb 18, 2026