← Retour aux CVEs
CVE-2026-27754
MEDIUM6.5
Description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies and gain unauthorized access to the device.
Details CVE
Score CVSS v3.16.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/27/2026
Derniere modification3/3/2026
Sourcenvd
Observations honeypot0
Produits affectes
sodola-network:sl902-swtgw124assodola-network:sl902-swtgw124as_firmware
Faiblesses (CWE)
CWE-328
References
https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-md5-session-token-generation(disclosure@vulncheck.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.