CVE-2022-1702

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_6200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_6210:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_7200:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_7210:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_8000v:-:*:*:*:*:*:*:*

History

14 Oct 2022, 01:17

Type Values Removed Values Added
CPE cpe:2.3:o:sonicwall:7210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:8000v_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:7200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6210:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:7210:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:8000v:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:8000v_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_6210:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_7210:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_7200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_8000v:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_6200:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.0:*:*:*:*:*:*:*

25 May 2022, 13:35

Type Values Removed Values Added
CWE CWE-601
References (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 - (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.8
v3 : 6.1
CPE cpe:2.3:h:sonicwall:7210:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:7200:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6210:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:8000v_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6200:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:8000v_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:8000v:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6200_firmware:12.4.0:*:*:*:*:*:*:*

13 May 2022, 21:07

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-13 20:15

Updated : 2024-02-04 22:29


NVD link : CVE-2022-1702

Mitre link : CVE-2022-1702

CVE.ORG link : CVE-2022-1702


JSON object : View

Products Affected

sonicwall

  • sma_7200_firmware
  • sma_6210_firmware
  • sma_7200
  • sma_7210
  • sma_6200_firmware
  • sma_7210_firmware
  • sma_8000v_firmware
  • sma_8000v
  • sma_6200
  • sma_6210
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')