Mallory
Critical · Public exploit

SonicOS HTTP Request Stack-Based Buffer Overflow

Identifiers: CVE-2022-22274, CWE-121 · Stack-based Buffer Overflow

CVE-2022-22274 is a stack-based buffer overflow in SonicWall SonicOS that is reachable via an HTTP request. The flaw allows a remote, unauthenticated attacker to trigger memory corruption in the firewall by sending a crafted HTTP request to the affected SonicOS management interface. Successful exploitation can cause a denial of service and may lead to code execution on the firewall. The specific vulnerable function, code path, and affected firmware versions are not provided in the supplied content.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can crash or destabilize the SonicOS device, resulting in denial of service of the firewall and potentially disrupting security enforcement, VPN access, and network connectivity. Because exploitation may also result in code execution on the firewall, the vulnerability could permit full compromise of the appliance, with attendant risks including unauthorized control of the device, interception or manipulation of traffic, and use of the firewall as a foothold for further intrusion.

Mitigation

If you can’t patch tonight, do this now.

Restrict exposure of SonicOS HTTP/management interfaces to trusted administrative networks only and do not expose them directly to the internet. Apply network-layer access controls, disable unnecessary management services, and monitor for anomalous or malformed HTTP requests targeting SonicOS. Vendor-specific mitigation guidance for CVE-2022-22274 is not included in the supplied content, so more detailed mitigation information is not available here.

Remediation

Patch, then assume compromise.

Apply the vendor-supplied patch or update to the latest version of SonicOS that addresses this vulnerability. Consult SonicWall's official advisory for specific fixed versions.

PUBLIC EXPLOITS

Exploits

1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos.

Valid: 1 / 1 total
CVE-2022-22274_CVE-2023-0656 · Maturity: PoC · Verified exploit

This repository provides a Python proof-of-concept (PoC) script (poc.py) for testing and exploiting two stack-based buffer overflow vulnerabilities in SonicWall SonicOS (CVE-2022-22274 and CVE-2023-0656). The exploit targets the web management interface of SonicWall NGFW devices via HTTPS, sending specially crafted HTTP GET requests with overly long URI paths to specific endpoints (/resources/, //, /atp/, /stats/, /Security_Services). The script can safely test for vulnerability or trigger a denial-of-service (DoS) by crashing the device. The README.md offers detailed background, usage instructions, and example outputs. The code is standalone, written in Python, and does not rely on external frameworks. No hardcoded IPs or domains are present; the user supplies the target. The repository is structured with a single exploit script, a README, and a license file.

BishopFox · Disclosed Jan 12, 2024 · python · network
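The mitigation section above recommends monitoring for anomalous or malformed HTTP requests against the SonicOS management interface, and the PoC description names the endpoints such requests hit with over-long URI paths. The following is an added example, not code from Mallory or from the BishopFox repository: a small log-review helper that flags GET requests to those endpoints whose request-URI exceeds a length threshold. The combined-style log format, the 2048-byte threshold, and the sample log lines are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Management endpoints named in the public PoC description on this page.
WATCHED_PREFIXES = ("/resources/", "//", "/atp/", "/stats/", "/Security_Services")
# Assumed threshold (not from the page): legitimate SonicOS management URIs
# are far shorter than this, so anything longer is worth an analyst's look.
MAX_SANE_URI_LEN = 2048

# Combined-log-style request line; the log format is an assumption for this example.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

@dataclass(frozen=True)
class Finding:
    src: str
    ts: str
    prefix: str   # which watched endpoint the request hit
    uri_len: int  # total request-URI length that tripped the threshold

def check_line(line, max_len=MAX_SANE_URI_LEN):
    """Return a Finding for an over-long GET to a watched endpoint, else None."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "GET":
        return None
    uri = m.group("uri")
    if len(uri) <= max_len:
        return None
    path = uri.split("?", 1)[0]  # compare on the path only, ignore any query string
    for prefix in WATCHED_PREFIXES:
        if path.startswith(prefix):
            return Finding(m.group("src"), m.group("ts"), prefix, len(uri))
    return None

def scan(lines, max_len=MAX_SANE_URI_LEN):
    """Run check_line over an iterable of log lines and keep only the hits."""
    return [f for f in (check_line(ln, max_len) for ln in lines) if f]

# Constructed sample log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2024:10:00:01 +0000] "GET /resources/main.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Jan/2024:10:00:02 +0000] "GET /resources/' + "A" * 3000 + ' HTTP/1.1" 400 0',
    '198.51.100.7 - - [12/Jan/2024:10:00:03 +0000] "GET /stats/' + "A" * 3000 + ' HTTP/1.1" 400 0',
    '203.0.113.5 - - [12/Jan/2024:10:00:04 +0000] "GET /api/' + "B" * 3000 + ' HTTP/1.1" 404 0',
]
```

The fourth sample line is long but hits an unwatched path, so it is deliberately not flagged; tune the prefix list and threshold to your own appliance's baseline before wiring this into a SIEM rule.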
EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor    | Product  | Type
Sonicwall | Sonicos  | operating_system
Sonicwall | Sonicosv | application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
