📄 Episode Description:
In this episode of IT SPARC Cast – CVE of the Week, John and Lou dive into a troubling situation involving SonicWall’s SMA 100 series firewalls. Despite devices being fully patched, active exploits are targeting one-time password seeds with stealthy malware like “OVERSTEP.” The malware modifies boot scripts, hides logs, steals credentials, and persists through reboots—leaving enterprise networks exposed without an effective patch in sight.
We break down known associated CVEs (including CVE-2021-20038, CVE-2024-38475, CVE-2021-20035, CVE-2021-20039, and CVE-2025-32819) and highlight the problematic nature of SonicWall’s response: telling customers to “just upgrade” without offering real mitigation. Whether you’re a SonicWall customer or an IT security leader assessing vendor risk, this episode serves as a wake-up call for how to handle (or not handle) active cyber threats.
⸻
🔗 Social Links:
IT SPARC Cast
John Barger
Lou Schmidt