← volver
CVE-2026-27756

SODOLA SL902-SWTGW124AS <= 200.1.20 Reflected XSS in Management Interface

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Productos afectados
Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) · SODOLA SL902-SWTGW124AS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switchhttps://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-reflected-xss-in-management-interface