CVE-2026-27757

SODOLA SL902-SWTGW124AS <= 200.1.20 Unverified Password Change

CVSS 7.1 HIGHEPSS 0.3%CWE-620

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Productos afectados

Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) · SODOLA SL902-SWTGW124AS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-unverified-password-change