Browse all 7 CVE security advisories affecting SMA. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SMA serves as a network security appliance providing unified threat management for enterprise environments. Historically, vulnerabilities have frequently included remote code execution, cross-site scripting, and privilege escalation flaws, with 7 CVEs documented to date. Notable security characteristics include its role as a perimeter defense system, though past incidents have involved authentication bypass weaknesses and insecure default configurations. The device's broad functionality as a gateway makes it a high-value target, with vulnerabilities potentially allowing network compromise or lateral movement. Security researchers have identified issues in both web management interfaces and underlying firmware, highlighting the need for regular patching and hardening of administrative access controls.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-4459 | SMA: Directory Traversal in Sunny Boy <3.10.27.R — Boy 3.0CWE-23 | 6.5 | Medium | 2025-08-27 |
| CVE-2025-41685 | SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user — ennexos.sunnyportal.comCWE-359 | 6.5 | Medium | 2025-08-19 |
| CVE-2025-41645 | SMA: Sunny Portal demo system privilege escalation — www.sunnyportal.comCWE-669 | 8.6 | High | 2025-05-13 |
| CVE-2025-0731 | SMA: Sunny Portal Remote Code Execution — www.sunnyportal.comCWE-434 | 6.5 | Medium | 2025-02-26 |
| CVE-2024-11025 | SMA: SQL injection in Sunny Central UP — Sunny Central SC 1760-USCWE-89 | 5.4 | Medium | 2024-11-27 |
| CVE-2024-1890 | Clickjacking vulnerability in Sunny Webbox — Sunny WebboxCWE-1021 | 6.4 | Medium | 2024-02-26 |
| CVE-2024-1889 | Cross-Site Request Forgery vulnerability in SMA Cluster Controller — SMA Cluster ControllerCWE-352 | 8.8 | High | 2024-02-26 |
This page lists every published CVE security advisory associated with SMA. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.