CVE-2022-1702 The SMA1000 and earlier versions have an external link redirect vulnerability that accepts a user controlled input.

This attack allows attackers to take control of the device and conduct man-in-the-middle attacks. It can be exploited by malicious users to conduct a redirection attack to a target website of their choice.

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions have a redirection vulnerability. An attacker can exploit this vulnerability by visiting a website and clicking on a malicious link.

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions allow remote attackers to inject arbitrary HTML code via a user-controlled input that specifies a link to an external site.

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and use that link in a redirect, which leads to an open redirection vulnerability.
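
A server-side check that closes this class of bug, as an added example (not SonicWall's code and not from the original advisory): the redirect parameter is honoured only when it is a same-site path or an https URL whose host is on an allowlist. The host `portal.example.com`, the fallback `/` and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only external host this application may redirect to (constructed value).
ALLOWED_HOSTS = {"portal.example.com"}
FALLBACK = "/"  # assumption: safe landing page used when the target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is a same-site path or an allowlisted https URL, else fallback."""
    if not raw or len(raw) > 2048 or raw != raw.strip():
        return fallback
    # Browsers treat "\" like "/" and silently drop tab/CR/LF, so a string that
    # looks like a local path to the server can still resolve to another host.
    if "\\" in raw or any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept absolute paths only, never "//host/..." forms.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return fallback
    # Absolute or scheme-relative URL: require https, no userinfo, allowlisted host.
    if parts.scheme != "https":
        return fallback
    if parts.username is not None or parts.password is not None:
        return fallback
    host = parts.hostname  # lower-cased by urlsplit, port and brackets removed
    if host and host in allowed_hosts:
        return raw
    return fallback


if __name__ == "__main__":
    # Constructed sample inputs, one per rule above.
    for sample in ["/dashboard?tab=1", "https://portal.example.com/home",
                   "//other.example/x", "https://portal.example.com@other.example/",
                   "/\\other.example", "https://portal.example.com.other.example/"]:
        print(f"{sample!r:50} -> {safe_redirect_target(sample)!r}")
```

The comparison is an exact match on the parsed host name; substring or prefix checks on the raw string are what lookalike hosts and userinfo tricks get past.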

Vulnerable Packages

12.4.0 and earlier versions on SonicWall SMA1000 series appliances
CVE-2017-2636 SonicWall Firewall IPS/APP 12.2.2, 12.3.1-02514, 12.3.1-03075, 12.3.1-03386 and earlier versions

Vulnerable / tested firmware versions

The following firmware versions are vulnerable:
- SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions have a redirection vulnerability.
- SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions allow remote attackers to inject arbitrary HTML code via a user-controlled input that specifies a link to an external site.
- SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and use that link in a redirect, which leads to an open redirection vulnerability.
