Description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.
Published: 2026-02-27
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

SODOLA SL902‑SWTGW124AS firmware versions through 200.1.20 use a weak session identifier that can be computed by attackers who know or guess valid user credentials, allowing them to forge the MD5‑based cookie and skip the normal login process. The result is unrestricted access to the device’s configuration interface, giving attackers full control over the switch, potentially compromising confidentiality, integrity, and availability of the connected network. This weakness maps to CWE‑330, the use of weak cryptographic keys.

Affected Systems

Shenzhen Hongyavision Technology Co., Ltd., doing business as Sodola Networks, exposes the SODOLA SL902‑SWTGW124AS managed switch. Firmware versions 200.1.20 and earlier are affected; newer releases may contain a fix.

Risk and Exploitability

The vulnerability has a CVSS score of 9.3 and an EPSS score of less than 1 percent, indicating a very low but non‑zero probability of exploitation at the time of analysis. It is not currently listed in the U.S. CISA KEV catalog. The attack vector is most likely remote, as the device’s web interface can be accessed over the network. Attackers must first obtain or guess valid credentials, then compute the predictable session identifier offline. Once the forged cookie is supplied, the authentication step is bypassed and the attacker gains full administrative privileges. Given the device’s role in data center or enterprise environments, compromise can lead to widespread disruption or data exfiltration if the switch is part of critical infrastructure.

Generated by OpenCVE AI on April 16, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the switch firmware to a revision newer than 200.1.20, which removes the weak session ID calculation.
  • If an upgrade is unavailable, restrict web‑management access to a secured, internal network segment and enforce strong, regularly rotating passwords.
  • Continuously monitor management‑interface logs for unexpected authentication events and investigate anomalies promptly.
  • Consider disabling the web UI altogether and use a more secure CLI or SSH management method with multi‑factor authentication where possible.

Generated by OpenCVE AI on April 16, 2026 at 15:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 03 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Sodola-network
Sodola-network sl902-swtgw124as
Sodola-network sl902-swtgw124as Firmware
CPEs cpe:2.3:h:sodola-network:sl902-swtgw124as:-:*:*:*:*:*:*:*
cpe:2.3:o:sodola-network:sl902-swtgw124as_firmware:*:*:*:*:*:*:*:*
Vendors & Products Sodola-network
Sodola-network sl902-swtgw124as
Sodola-network sl902-swtgw124as Firmware

Mon, 02 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Sodolanetworks
Sodolanetworks sodola Sl902-swtgw124as Firmware
CPEs cpe:2.3:o:sodolanetworks:sodola_sl902-swtgw124as_firmware:*:*:*:*:*:*:*:*
Vendors & Products Sodolanetworks
Sodolanetworks sodola Sl902-swtgw124as Firmware

Mon, 02 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Shenzhen Hongyavision Technology Co
Shenzhen Hongyavision Technology Co sodola Sl902-swtgw124as
Vendors & Products Shenzhen Hongyavision Technology Co
Shenzhen Hongyavision Technology Co sodola Sl902-swtgw124as

Fri, 27 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 18:30:00 +0000

Type Values Removed Values Added
Description SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.
Title SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID
Weaknesses CWE-330
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Shenzhen Hongyavision Technology Co Sodola Sl902-swtgw124as
Sodola-network Sl902-swtgw124as Sl902-swtgw124as Firmware
Sodolanetworks Sodola Sl902-swtgw124as Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-02T17:30:04.023Z

Reserved: 2026-02-23T21:38:48.842Z

Link: CVE-2026-27755

cve-icon Vulnrichment

Updated: 2026-02-27T19:01:12.235Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-27T19:16:09.527

Modified: 2026-03-03T19:09:12.973

Link: CVE-2026-27755

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:30:06Z

Weaknesses