A critical security bug in the SonicWall VPN portal can be used to crash the device and prevent users from connecting to corporate resources. The flaw (CVE-2020-5135) is a stack-based buffer overflow in the SonicWall Network Security Appliance (NSA). An unskilled attacker could trigger a persistent denial-of-service condition using an unauthenticated HTTP request involving a custom protocol handler. An attacker can simply send crafted requests to the SonicWall HTTP(S) service and trigger memory corruption. A Shodan search indicated 795,357 vulnerable hosts as of Tuesday.
Source: https://threatpost.com/critical-sonicwall-vpn-bug/160108/

