CVE-2024-53703

HIGH

SonicWall SMA100 SSLVPN Firmware < 10.2.1.14-75sv - Stack-based Buffer Overflow in mod_httprp Library

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-53703. PoCs published by scrt.

AI-analyzed exploit summary This PoC exploits a stack-based buffer overflow in SonicWall SMA's mod_httprp.so (CVE-2024-53703) to achieve RCE via a crafted NTLM authentication header. It leverages a ROP chain to bypass ASLR and execute a reverse shell.

Description

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

Exploits (1)

nomisec WORKING POC 2 stars
by scrt · poc
https://github.com/scrt/cve-2024-53703-poc

This PoC exploits a stack-based buffer overflow in SonicWall SMA's mod_httprp.so (CVE-2024-53703) to achieve RCE via a crafted NTLM authentication header. It leverages a ROP chain to bypass ASLR and execute a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: SonicWall SMA 500 (mod_httprp.so)
Auth required
Prerequisites: Active session on target · Network access to target · Knowledge of target's LIBC base address
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.1
EPSS 0.1271
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-121
Status published
Products (5)
sonicwall/sma_200_firmware < 10.2.1.14-75sv
sonicwall/sma_210_firmware < 10.2.1.14-75sv
sonicwall/sma_400_firmware < 10.2.1.14-75sv
sonicwall/sma_410_firmware < 10.2.1.14-75sv
sonicwall/sma_500v_firmware < 10.2.1.14-75sv
Published Dec 05, 2024
Tracked Since Feb 18, 2026