SL902-SWTGW124AS Firmware
SL902-SWTGW124AS firmware versions up to 200.1.20 are affected by cross-site request forgery (CSRF) (CVSS 4.3).
SL902-SWTGW124AS firmware versions up to 200.1.20 contain a vulnerability that allows attackers to change account passwords without verifying the current password (CVSS 7.1).
SL902-SWTGW124AS firmware versions up to 200.1.20 are affected by cross-site scripting (XSS) (CVSS 6.1).
Weak session identifier generation in SODOLA SL902-SWTGW124AS network switch firmware allows attackers to predict session tokens and hijack administrative sessions.
Session cookie forgery in SODOLA SL902-SWTGW124AS firmware through version 200.1.20 stems from the use of cryptographically broken MD5 hashing for session token generation, allowing unauthenticated remote attackers to forge valid session cookies and gain unauthorized device access. The vulnerability requires no user interaction and affects all default configurations, with no patch currently available. MD5's known collision vulnerabilities combined with predictable token generation significantly lower the computational barrier for successful exploitation.
SL902-SWTGW124AS firmware versions up to 200.1.20 are affected by improper restriction of excessive authentication attempts (CVSS 6.5).
SL902-SWTGW124AS firmware versions up to 200.1.20 are affected by cleartext transmission of sensitive information (CVSS 5.9).
Default credentials in SODOLA SL902-SWTGW124AS network switch firmware allow unauthenticated remote access. Default credentials are publicly known, enabling complete device takeover.