← Retour aux CVEs
CVE-2026-27751
CRITICAL9.8
Description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/27/2026
Derniere modification3/4/2026
Sourcenvd
Observations honeypot0
Produits affectes
sodola-network:sl902-swtgw124assodola-network:sl902-swtgw124as_firmware
Faiblesses (CWE)
CWE-1392
References
https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-use-of-default-credentials(disclosure@vulncheck.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.