SODOLA SL902-SWTGW124AS <= 200.1.20 Unverified Password Change

Advisories

SODOLA SL902-SWTGW124AS <= 200.1.20 Unverified Password Change

severity: high
date: 2/27/2026
Affecting: SODOLA SL902-SWTGW124AS <= 200.1.20
A defined version range remains undefined
CVE: CVE-2026-27757
CWE: CWE-620 Unverified Password Change
CVSS: 7.1
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
References: SODOLA Product Webpage
Credit: Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
Description: SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo