Impact
An improper handling of Unicode encoding in the SSLVPN login flow of SonicWall SMA1000 appliances allows a remote authenticated administrator to skip the AMC TOTP challenge, effectively bypassing the second factor of authentication. This flaw is a classic example of CWE‑176, where incorrect interpretation of input data removes a security gate, enabling an attacker who already holds valid credentials to reach administrative control without the required one‑time password.
Affected Systems
The advisory does not specify firmware or sub‑model details, so all models within the SonicWall SMA1000 series should be considered potentially affected; any appliance running the legacy firmware should be treated as at risk until a corrective update is applied.
Risk and Exploitability
Exploitation requires possession of legitimate administrator credentials and is triggered remotely via the SSLVPN interface. The EPSS score of less than 1% and the absence from CISA’s KEV catalog suggest it is not yet a common target. However, the CVSS score of 6.6 reflects medium severity, and because bypassing MFA grants full administrative privileges, the flaw presents a significant risk to the confidentiality, integrity, and availability of the protected network.
OpenCVE Enrichment