A pre-authentication SQL injection vulnerability was recently discovered and fixed on Cyberoam (CROS) devices. This type of vulnerability could allow SQL statements to be executed remotely, but only if the administration interface (HTTPS admin service) was exposed on the WAN zone. Affected devices should be updated immediately to the latest version of CROS and Sophos XG Firewall and SG UTM devices. Sophos purchased firewall and router maker Cyberoam Technologies in 2014 and has been offering free upgrades to its XG firewall OS since 2019.
Source: https://www.bleepingcomputer.com/news/security/sophos-fixes-sql-injection-vulnerability-in-their-cyberoam-os/

