CVE-2026-27756

SODOLA SL902-SWTGW124AS <= 200.1.20 Reflected XSS in Management Interface

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected products

Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) · SODOLA SL902-SWTGW124AS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-reflected-xss-in-management-interface