CVE-2026-27751

CRITICAL EPSS 35.8%

Published Feb 27, 20264mo ago · Modified Mar 4, 20263mo ago

9.3 CVSS 4.0

Critical

Published Feb 27, 2026 4mo ago

Last Modified Mar 4, 2026 3mo ago

Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.

CVSS Details

Base Score

9.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

35.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-1392

Affected Products 2

Vendor	Product	Version	Range
sodola-network	sl902-swtgw124as_firmware	*	≤200.1.20
sodola-network	sl902-swtgw124as	*	any

References 2

sodola-network.com https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch

Product
vulncheck.com https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-use-of-default-credentials

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.