← Voltar para CVEs
CVE-2026-27757
HIGH7.1
Descricao
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.
Detalhes CVE
Pontuacao CVSS v3.17.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado2/27/2026
Ultima modificacao3/3/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
sodola-network:sl902-swtgw124assodola-network:sl902-swtgw124as_firmware
Fraquezas (CWE)
CWE-620
Referencias
https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-unverified-password-change(disclosure@vulncheck.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.