Home / Vulnerability Intelligence / CVE-2026-27751

CVE-2026-27751 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 2, 2026

SODOLA SL902-SWTGW124AS - Authentication Bypass

Published: February 27, 2026Updated: March 2, 2026Remote Exploitable

Overview

SODOLA SL902-SWTGW124AS firmware <= 200.1.20 contains a hardcoded credentials vulnerability allowing remote attackers to authenticate with default credentials and gain administrative access to the management interface.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 3.8%(Probability of exploitation in next 30 days)

Impact

Remote attackers can gain full administrative control of the device, compromising device security and management.

Mitigation

Update to the latest firmware version that removes default credentials or enforces password change.

References

Social Media Activity(1 post)

Offensive Sequence

@offseq

Feb 28, 2026

🔐 CVE-2026-27751 (CRITICAL): SODOLA SL902-SWTGW124AS gateways (≤200.1.20) use default creds, enabling remote admin takeover. Change all passwords or restrict access ASAP! No patch yet. https://radar.offseq.com/threat/cve-2026-27751-cwe-1392-use-of-default-credentials-706a3fb0 #OffSeq #Vuln #IoTSecurity #NetworkSecurity

View original post

Related Resources

Details

CVE ID: CVE-2026-27751
Severity: Critical
CVSS Score: 9.8
Type: hardcoded_credentials
Status: unconfirmed
EPSS: 3.8%
Social Posts: 1

CWE

CWE-1392

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

3.8%Probability of exploitation in the next 30 days