CRITICAL🇵🇱 Wersja polska

CVE-2026-27755

CVSS 9.3v4.0pub. 2026-02-27upd. 2026-03-03

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Sodola Network Sl902 Swtgw124as

    HW
    Sodola-Network
    wszystkie wersje
  • Sodola Network Sl902 Swtgw124as Firmware

    OS
    Sodola-Network
    ≤ 200.1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-27751CRITICAL9.3PL ✓ten sam produkt

Domyślne dane uwierzytelniające w firmware Sodola SL902-SWTGW124AS

CVE-2026-27752HIGH8.2ten sam produkt

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypte...

CVE-2026-27757HIGH7.1ten sam produkt

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows...

CVE-2026-27758MEDIUM5.1ten sam produkt

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability ...

CVE-2026-27754MEDIUM6.9ten sam produkt

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function ...