Sl902 Swtgw124as Firmware
CVE-2026-27758
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submitting forged requests. Attackers can craft malicious requests that execute unauthorized configuration or administrative actions with the victim's privileges when the authenticated user visits a malicious webpage.
AnalysisAI
Sl902-Swtgw124As Firmware versions up to 200.1.20 is affected by cross-site request forgery (csrf) (CVSS 4.3).
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | CVSS 4.3 (MEDIUM). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker without authentication could exploit this vulnerability to induce authenticated users into submitting forged requests. |
| Remediation | Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Sl902 Swtgw124as Firmware
View allWeak session identifier generation in SODOLA SL902-SWTGW124AS network switch firmware allows attackers to predict sessio
Default credentials in SODOLA SL902-SWTGW124AS network switch firmware allow unauthenticated remote access. Default cred
Sl902-Swtgw124As Firmware versions up to 200.1.20 contains a vulnerability that allows attackers to change account passw
Sl902-Swtgw124As Firmware versions up to 200.1.20 is affected by improper restriction of excessive authentication attemp
Session cookie forgery in SODOLA SL902-SWTGW124AS firmware through version 200.1.20 stems from the use of cryptographica
Sl902-Swtgw124As Firmware versions up to 200.1.20 is affected by cross-site scripting (xss) (CVSS 6.1).
Sl902-Swtgw124As Firmware versions up to 200.1.20 is affected by cleartext transmission of sensitive information (CVSS 5
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today