SonicWall: Users of Unpatched SRA and SMA 100 Series Appliances Face Imminent Risk of Ransomware Attacks

SonicWall has issued an urgent warning for users of its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running 8.x firmware.

SonicWall has learned of threat actors targeting a known vulnerability in the firmware using stolen credentials. SonicWall explained in its alert that ransomware attacks are imminent and urgent action must be taken to prevent exploitation of the flaw.

SonicWall has corrected the vulnerability in later versions of the firmware. All users of SMA 100 series and SRA devices running the vulnerable firmware version have been told to either update to version 9.x or 10.x of the firmware immediately.

“The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk,” said SonicWall.

EOL devices are:

  • SRA 4600/1600 (EOL 2019)
  • SRA 4200/1200 (EOL 2016)
  • SSL-VPN 200/2000/400 (EOL 2013/2014)

All customers who are using the above devices with 8.x firmware should apply the update immediately or disconnect their appliances and reset passwords.

SMA 400/200 has reached end-of-life, but support is still provided in Limited Retirement Mode. Users should update to or immediately, reset passwords, and enable MFA. SMA 1000 series products are not affected,

SMA 210/410/500v is actively supported, but vulnerabilities have been identified in 2021 that could potentially be exploited.  Users running firmware 9.x should update to or later and users of firmware 10.x should update to or later immediately.

SonicWall is offering a complimentary virtual SMA 500v to users of users of end-of-life devices that cannot be updated to the latest 9.x or 10.x firmware versions until October 31, 2021.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of