← Retour aux CVEs
CVE-2026-27753
MEDIUM6.5
Description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate limiting restrictions to gain unauthorized access to the device management interface.
Details CVE
Score CVSS v3.16.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/27/2026
Derniere modification3/3/2026
Sourcenvd
Observations honeypot0
Produits affectes
sodola-network:sl902-swtgw124assodola-network:sl902-swtgw124as_firmware
Faiblesses (CWE)
CWE-307
References
https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-improper-login-rate-limiting(disclosure@vulncheck.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.