Impact
A format string flaw in SonicOS that can be triggered only after the user has successfully authenticated exposes the device to a denial-of-service condition. The vulnerability allows a remote actor to construct payloads that crash the firewall firmware, resulting in loss of service. The weakness is a classic format string bug (CWE-134) and does not grant arbitrary code execution.
Affected Systems
SonicWall SonicOS running on a broad range of hardware families, including the NSA series (2700, 2800, 3700, 3800, 4700, 4800, 5700, 5800, 6700), NSSP series (10700, 11700, 13700, 15700), NSV series (270, 470, 870), and TZ series (270, 270w, 280, 370, 370w, 380, 470, 470w, 480, 570, 570p, 570w, 580, 670, 680, 80). All models that run the standard SonicOS firmware are potentially affected.
Risk and Exploitability
The CVSS v3.1 score is 4.9, reflecting moderate impact and limited user requirement. EPSS is below 1%, indicating a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, and it requires the attacker to first authenticate, suggesting the attack vector is remote management access with valid credentials. Because the flaw triggers a crash rather than code execution, the impact is limited to service disruption. However, a sustained DoS attack could be leveraged as a stepping stone for further reconnaissance or to distract from other network attacks.