Overview
- Firmware version 10.2.2.2-92sv adds file checking to detect and remove known OVERSTEP artifacts and is recommended for SMA 210, 410, and 500v.
- The release patches CVE-2024-38475, which has been cited in session hijacking of local admin SSL VPN logins, and CVE-2025-40599.
- Researchers reported UNC6148 deploying OVERSTEP to hide on the filesystem, spawn reverse shells, clear logs, and persist across reboots.
- OVERSTEP steals persist.database and certificate files, exposing credentials, OTP seeds, and private keys that can extend attacker access.
- SonicWall urges rotating all credentials and certificates, rebinding authenticators, hardening devices, and migrating off SMA 100 before support ends on December 31, 2025.