A post‑authentication NULL pointer dereference in SonicOS allows a remote attacker to crash the firewall by sending specially crafted input. The core weakness resides in the code handling an unspecified packet, causing a segmentation fault when the pointer is dereferenced. The crash interrupts firewall operation, potentially dropping all traffic that flows through the affected device. The primary impact is a denial‑of‑service that can disrupt network connectivity.

Devices running SonicOS versions on multiple SonicWall hardware families including the NSA 2700, 2800, 3700, 3800, 4700, 4800, 5700, 5800, 6700 series, and the NSSP 10700, 11700, 13700, 15700, NSV270, NSV470, NSV870, TZ270, TZ280, TZ370, TZ380, TZ470, TZ480, TZ570, TZ570p, TZ570w, TZ580, TZ670, TZ680, TZ80, as well as the generic SonicOS firmware are susceptible. Exact affected firmware revisions are not listed, so all recent releases prior to an identified fix should be considered vulnerable.

The CVSS score of 4.9 reflects moderate severity, largely due to the post‑authentication requirement. However, the EPSS score is <1 %, indicating that exploit activity is expected to be very low, and the vulnerability is currently not catalogued in CISA’s KEV list. The attack vector requires valid administrative credentials to trigger the crash, making remote exploitation less likely but still dangerous for exposed firewalls. If the vulnerability remains unpatched, an attacker could mount a DoS attack by repeatedly sending the malicious input, potentially taking the firewall offline and undermining network availability.