Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sonicwall sma_210_firmware |
||
sonicwall sma_410_firmware |
||
sonicwall sma_500v_firmware |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources They've been lurking in networks since at least 2021
Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant. The spyware targets the SonicWall Secure Mobile Access (SMA) 100 Series – a gateway device that provides VPN access to remote users. The networking vendor confirmed the malware campaign in a statement emailed to The Register: The campaign targeted "an extremely limited number of unpa...