b2b-daily
Home | IT | Cyber Security

Are Your SonicWall Devices Vulnerable to New Exploits?

Avatar photo
by Craig Anderson
May 2, 2025
Image Credit: Titima Ongkantong / Vecteezy
Are Your SonicWall Devices Vulnerable to New Exploits?
Article Highlights
Off On

The cybersecurity landscape is constantly evolving, presenting continuous challenges for both companies and individuals in securing their digital infrastructures. Recent developments have revealed that specific SonicWall Secure Mobile Access (SMA) appliances, namely the SMA 200, 210, 400, 410, and 500v models, are potentially at risk due to new exploit techniques. Despite SonicWall’s release of patches aimed at addressing these vulnerabilities, these devices have shown susceptibility to active exploitation. Two particular vulnerabilities have been under scrutiny. The first, identified as CVE-2023-44221, scored 7.2 on the CVSS scale and allows remote authenticated users with administrative privileges to inject arbitrary commands, potentially leading to an OS Command Injection. The second, CVE-2024-38475, poses a more significant threat with a CVSS score of 9.8, surfacing from improper escaping of output in the Apache HTTP Server, ultimately allowing harmful URL-file mapping.

Newly Disclosed Exploitation Techniques

Though SonicWall implemented critical security updates by December 2023 and 2024, experts still observe new exploitation tactics targeting CVE-2024-38475. Reports reveal techniques allowing unauthorized file access and session hijacking, initially hard to detect, yet increasingly evident. This prompted SonicWall to urge users to vigilantly check devices for unauthorized logins and bolster system defenses. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlighted the importance of staying alert, drawing attention to another vulnerability in the same series, underscoring ongoing risks. However, specifics regarding methods of exploitation remain undisclosed. Users and administrators of SonicWall SMA appliances must prioritize updates and adhere to supplementary security advice from SonicWall and CISA to effectively mitigate potential threats. In a rapidly evolving digital threat landscape, being proactive and well-informed is vital to defend against relentless cyber threats and exploitation attempts.

Explore more

Is 2026 the Year of 5G for Latin America?
January 21, 2026

The Dawning of a New Connectivity Era The year 2026 is shaping up to be a watershed moment for fifth-generation mobile technology across Latin America. After years of planning, auctions, and initial trials, the region is on the cusp of a significant acceleration in 5G deployment, driven by a confluence of regulatory milestones, substantial investment commitments, and a strategic push

EU Set to Ban High-Risk Vendors From Critical Networks
January 21, 2026

The digital arteries that power European life, from instant mobile communications to the stability of the energy grid, are undergoing a security overhaul of unprecedented scale. After years of gentle persuasion and cautionary advice, the European Union is now poised to enact a sweeping mandate that will legally compel member states to remove high-risk technology suppliers from their most critical

AI Avatars Are Reshaping the Global Hiring Process
January 21, 2026

The initial handshake of a job interview is no longer a given; for a growing number of candidates, the first face they see is a digital one, carefully designed to ask questions, gauge responses, and represent a company on a global, 24/7 scale. This shift from human-to-human conversation to a human-to-AI interaction marks a pivotal moment in talent acquisition. For

Recruitment CRM vs. Applicant Tracking System: A Comparative Analysis
January 21, 2026

The frantic search for top talent has transformed recruitment from a simple act of posting jobs into a complex, strategic function demanding sophisticated tools. In this high-stakes environment, two categories of software have become indispensable: the Recruitment CRM and the Applicant Tracking System. Though often used interchangeably, these platforms serve fundamentally different purposes, and understanding their distinct roles is crucial

Could Your Star Recruit Lead to a Costly Lawsuit?
January 21, 2026

The relentless pursuit of top-tier talent often leads companies down a path of aggressive courtship, but a recent court ruling serves as a stark reminder that this path is fraught with hidden and expensive legal risks. In the high-stakes world of executive recruitment, the line between persuading a candidate and illegally inducing them is dangerously thin, and crossing it can