Impact
An API endpoint in the SonicOS management interface does not properly bound its input, allowing a stack-based buffer overflow once the user has authenticated. This flaw maps to CWE-121 and may allow an attacker with local or network-level access to execute arbitrary code within the operating environment, compromising the confidentiality, integrity, and availability of the device and any network traffic passing through it.
Affected Systems
SonicWall SonicOS devices, including the NSA 2700, 2800, 3700, 3800, 4700, 4800, 5700, 5800, 6700, NSSP 10700, 11700, 13700, 15700, NSV270, NSV470, NSV870, TZ270, TZ270W, TZ280, TZ370, TZ370W, TZ380, TZ470, TZ470W, TZ480, TZ570, TZ570P, TZ570W, TZ580, TZ670, TZ680, TZ80, and other SonicOS hardware platforms.
Risk and Exploitability
The CVSS base score is 4.9, indicating moderate severity, and the EPSS score is less than 1%, showing very low exploitation probability as of the last assessment. The vulnerability is not listed in the CISA KEV catalog, meaning no confirmed exploitation has been observed. Based on the description, the likely attack vector is an authenticated user targeting the management API: either a legitimate administrator acting maliciously or an attacker who has compromised credentials. Exploitation requires direct access to the API endpoint, which is normally protected by authentication, but once accessed, the buffer overflow can lead to arbitrary code execution within the device's kernel space.