SonicWall Firewall Vulnerability: What Every Business Owner Needs to Know

If your business uses SonicWall firewalls to protect your network or enable remote access, there’s a security issue you should know about. Many companies believe they’re protected because their systems are “patched,” but recent events show that’s not always the case.

Hackers are actively targeting SonicWall devices, especially businesses using Gen 7 firewalls with VPN access turned on. The problem? Some of these firewalls still have leftover passwords from older systems that were never reset, giving attackers an easy way in.

What’s Really Going On?

Earlier this year, SonicWall released a patch for a known security flaw that affects how users connect to the firewall remotely. That issue, tracked as CVE‑2024‑40766, has already been fixed in newer firmware.

But here’s the catch:
When businesses upgraded from older SonicWall hardware (Gen 6) to Gen 7, many kept using the same passwords or carried over outdated user accounts without realizing it. As a result, hackers are now using those forgotten credentials to gain access.

This isn’t a new vulnerability — it’s a failure to clean up old data during system upgrades. And it’s putting businesses at risk of ransomware, data theft, and major downtime.

What Should You Do Right Now?

Here are five simple but critical actions your business should take today:

  1. Update your SonicWall firmware to the latest version (7.3.0 or newer)
  2. Reset all local user passwords, especially if you recently upgraded hardware
  3. Remove old or unused user accounts that could still be active
  4. Turn on security features like botnet blocking and location-based filtering
  5. Set up multi-factor authentication (MFA) to prevent unauthorized access
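
As an added illustration of steps 2, 3 and 5 (not part of the original article and not a SonicWall tool), the Python example below audits a list of local firewall accounts and flags passwords that predate the hardware migration, accounts that look unused, and accounts without MFA. The inventory columns, the migration date, the review date and the 90-day threshold are all assumptions made for the example.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample inventory of local firewall users. The column names are
# assumptions for this example, not a SonicWall export format.
SAMPLE = """username,password_last_set,last_login,mfa_enabled
jsmith,2022-03-14,2025-07-30,no
vpn-vendor,2021-11-02,2023-01-19,no
akhan,2025-06-20,2025-08-01,yes
backup-admin,2020-05-05,,no
"""

def audit(inventory_csv, migrated_on, today, stale_after_days=90):
    """Return {username: [actions]} for accounts that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        actions = []
        # Password predates the hardware migration, so it was carried over.
        if date.fromisoformat(row["password_last_set"]) < migrated_on:
            actions.append("reset password")
        # Never logged in, or not within the stale window: removal candidate.
        last = row["last_login"].strip()
        if not last or today - date.fromisoformat(last) > timedelta(days=stale_after_days):
            actions.append("remove or disable")
        # Anything other than an explicit "yes" is treated as MFA missing.
        if row["mfa_enabled"].strip().lower() != "yes":
            actions.append("enable MFA")
        if actions:
            findings[row["username"]] = actions
    return findings

if __name__ == "__main__":
    # Constructed dates: hardware migrated 2025-01-15, review run 2025-08-05.
    report = audit(SAMPLE, migrated_on=date(2025, 1, 15), today=date(2025, 8, 5))
    for user, actions in report.items():
        print(f"{user}: {', '.join(actions)}")
```

Accounts that come back with no findings, like the constructed `akhan` entry, had their password set after the migration, have logged in recently, and have MFA on.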

If you’re not sure whether your system is affected, a professional security review is the best next step.

Why This Matters for Arizona Businesses

This issue highlights why firewall maintenance and password hygiene are essential for any company with remote employees, VPN access, or customer data. Many small businesses assume their firewall is set up correctly because they paid for installation — but most don’t have regular audits or managed IT support.

If you’re running a SonicWall firewall and haven’t done a security check in the past six months, you could be exposed without even knowing it.

How Asteroid IT Can Help

At Asteroid IT, we specialize in helping small and mid-sized businesses stay ahead of threats like this. We provide:

  • Managed IT Services that include regular updates, audits, and security patches
  • Firewall configuration and hardening for SonicWall, Fortinet, and other major brands
  • Cybersecurity for small business, including email, VPN, and endpoint protection
  • IT compliance services for HIPAA, FTC Safeguards, and CMMC requirements
  • Remote IT support to fix problems quickly without interrupting your operations

We don’t just fix problems — we proactively prevent them with hands-on, locally delivered support.

Don’t wait until your network is compromised.
Schedule a free SonicWall security review with Asteroid IT today. We’ll check your firewall, reset old credentials, and lock down your remote access so you can focus on running your business.

Contact us now to get started.
