Details of VAR-202507-3108

ID

VAR-202507-3108

CVE

CVE-2025-40596

TITLE

plural SonicWALL Stack-based buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2025-011059

DESCRIPTION

A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-40596 // JVNDB: JVNDB-2025-011059

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sma 210	scope:	lt	version:	10.2.2.1-90sv	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	lt	version:	10.2.2.1-90sv	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	lt	version:	10.2.2.1-90sv	Trust: 1.0
vendor:	sonicwall	model:	sma210	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma500v	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma410	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-011059 // NVD: CVE-2025-40596

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-40596
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-011059
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-40596
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-011059
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-011059 // NVD: CVE-2025-40596

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-011059 // NVD: CVE-2025-40596

EXTERNAL IDS

db:	NVD	id:	CVE-2025-40596	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-011059	Trust: 0.8

sources: JVNDB: JVNDB-2025-011059 // NVD: CVE-2025-40596

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2025-0012	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-40596	Trust: 0.8

sources: JVNDB: JVNDB-2025-011059 // NVD: CVE-2025-40596

SOURCES

db:	JVNDB	id:	JVNDB-2025-011059
db:	NVD	id:	CVE-2025-40596

LAST UPDATE DATE

2025-08-11T23:27:02.041000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-011059	date:	2025-08-08T08:14:00
db:	NVD	id:	CVE-2025-40596	date:	2025-08-07T14:36:26.510

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-011059	date:	2025-08-08T00:00:00
db:	NVD	id:	CVE-2025-40596	date:	2025-07-23T15:15:32.140