Home / Vulnerability Intelligence / CVE-2026-27755

CVE-2026-27755 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 2, 2026

SODOLA SL902-SWTGW124AS - Authentication Bypass

Published: February 27, 2026Updated: March 2, 2026Remote Exploitable

Overview

SODOLA SL902-SWTGW124AS firmware <= 200.1.20 contains a broken authentication caused by weak MD5-based session identifier generation, letting attackers with valid credentials bypass authentication and gain unauthorized access.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 10.7%(Probability of exploitation in next 30 days)

Impact

Attackers can bypass authentication and gain unauthorized access to the device.

Mitigation

Update to the latest firmware version beyond 200.1.20.

References

Social Media Activity(2 posts)

Offensive Sequence

@offseq

Feb 28, 2026

🚨 CRITICAL: CVE-2026-27755 in SODOLA SL902-SWTGW124AS (≤200.1.20) lets attackers forge MD5-based session IDs, bypassing auth remotely. No patch yet — segment, restrict, monitor! https://radar.offseq.com/threat/cve-2026-27755-cwe-330-use-of-insufficiently-rando-27c7bdab #OffSeq #CVE202627755 #IoTSecurity #Infosec

View original post

TheHackerWire

@thehackerwire

Feb 28, 2026

🔴 CVE-2026-27755 - Critical (9.8) SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess val... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27755/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-27755
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed
EPSS: 10.7%
Social Posts: 2

CWE

CWE-330

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

10.7%Probability of exploitation in the next 30 days