← Zuruck zu CVEs
CVE-2026-27757
HIGH7.1
Beschreibung
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.
CVE Details
CVSS v3.1 Bewertung7.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht2/27/2026
Zuletzt geandert3/3/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
sodola-network:sl902-swtgw124assodola-network:sl902-swtgw124as_firmware
Schwachen (CWE)
CWE-620
Referenzen
https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-unverified-password-change(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.