Dell SonicWALL SonicOS through Vulnerability notification

A web script vulnerability was detected in Dell SonicWALL SonicOS affecting our firewall line of appliances. The vulnerability is limited to a single page in the graphical user interface and is only possible when the firewall is accessed by the administrator (see Issue Summary below).

Affected Dell SonicWALL Firewall Appliances:

  • TZ 100 / TZ 100 Wireless
  • TZ 105 / TZ 105 Wireless
  • TZ 200 / TZ 200 Wireless
  • TZ 205 / TZ 205 Wireless
  • TZ 210 / TZ 210 Wireless
  • TZ 215 / TZ 215 Wireless
  • NSA 220 / NSA 220 Wireless
  • NSA 240
  • NSA 250M / NSA 250M Wireless
  • NSA 2400
  • NSA 3500
  • NSA 4500
  • NSA 5000
  • NSA E-Class 5500
  • NSA E-Class 6500
  • NSA E-Class 7500
  • NSA E-Class 8500
  • NSA E-Class 8510

Affected Software Versions:

  • SonicOS through

Issue Summary

The vulnerability can allow a specifically constructed POST request to execute malicious script code in the context of an administrative session in the web browser. This occurs when the administrator is logged into the firewall and the attacker issues a POST request to a specific page on the firewall from the administrator’s PC. Successful exploitation of the vulnerability can result in session hijacking and unexpected behavior.


Dell SonicWALL recommends customers running, or previous 5.8.1.x versions, to upgrade to version which is available from A current support contract is not required.
