Sl902 Swtgw124as Firmware
CVE-2026-27757
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.
AnalysisAI
Sl902-Swtgw124As Firmware versions up to 200.1.20 contains a vulnerability that allows attackers to change account passwords without verifying the current password (CVSS 7.1).
Technical ContextAI
affects Sl902-Swtgw124As Firmware. SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Sl902 Swtgw124as Firmware
View allWeak session identifier generation in SODOLA SL902-SWTGW124AS network switch firmware allows attackers to predict sessio
Default credentials in SODOLA SL902-SWTGW124AS network switch firmware allow unauthenticated remote access. Default cred
Sl902-Swtgw124As Firmware versions up to 200.1.20 is affected by improper restriction of excessive authentication attemp
Session cookie forgery in SODOLA SL902-SWTGW124AS firmware through version 200.1.20 stems from the use of cryptographica
Sl902-Swtgw124As Firmware versions up to 200.1.20 is affected by cross-site scripting (xss) (CVSS 6.1).
Sl902-Swtgw124As Firmware versions up to 200.1.20 is affected by cleartext transmission of sensitive information (CVSS 5
Sl902-Swtgw124As Firmware versions up to 200.1.20 is affected by cross-site request forgery (csrf) (CVSS 4.3).
Same weakness CWE-620 – Unverified Password Change
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today