Home / Vulnerability Intelligence / CVE-2026-27751

CVE-2026-27751 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 27, 2026

SODOLA SL902-SWTGW124AS - Authentication Bypass

Published: February 27, 2026Updated: February 27, 2026Remote Exploitable

Overview

SODOLA SL902-SWTGW124AS firmware <= 200.1.20 contains a hardcoded credentials vulnerability allowing remote attackers to authenticate with default credentials and gain administrative access to the management interface.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Remote attackers can gain full administrative control of the device, compromising device security and management.

Mitigation

Update to the latest firmware version that removes default credentials or enforces password change.

References

https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch
https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-use-of-default-credentials

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-27751
Severity: Critical
CVSS Score: 9.8
Type: hardcoded_credentials
Status: new

CWE

CWE-1392

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H