But note: SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability, the firewall company said on February 1. Partners and customers should continue to check the patch link above, since SonicWall has provided multiple updates via that link since the initial January 22 security disclosure.
When the issue was first uncovered, SonicWall said a breach apparently involved a coordinated attack on the company's internal systems by "highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products."
Which SonicWall Products Are Not Affected?
In a January 2021 statement, the company said the following SonicWall products are not affected by the vulnerability:
- SonicWall Firewalls
- NetExtender VPN Client
- SMA 1000 Series
- SonicWave Access Points
Stay tuned for potential updates on this developing story.
Story originally published January 23, 2021. Updated multiple times thereafter.