PT-2026-22373 · Sodola · Sodola Sl902-Swtgw124As
Kazuma Matsumoto
·
Publicado
2026-02-27
·
Atualizado
2026-03-04
·
CVE-2026-27755
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20
Description
The firmware contains a weakness in how session identifiers are created. This allows attackers to create valid session identifiers without logging in, potentially gaining unauthorized access to the device. The session identifiers are generated using a predictable MD5-based method, enabling attackers to forge authenticated sessions.
Recommendations
Firmware versions prior to 200.1.20 should be updated.
Correção
Use of Insufficiently Random Values
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sodola Sl902-Swtgw124As