CVE-2026-27755
SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID
| CVSS Score | 9.8 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.
| CWE | CWE-330 |
| Vendor | shenzhen hongyavision technology co., ltd. (sodola networks) |
| Product | sodola sl902-swtgw124as |
| Published | Feb 27, 2026 |
| Last Updated | Mar 2, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) / SODOLA SL902-SWTGW124AS
0 ≤ 200.1.20
Credits
Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.