PT-2026-22373 · Sodola · Sodola Sl902-Swtgw124As

Kazuma Matsumoto

Published

2026-02-27

Updated

2026-03-04

CVE-2026-27755

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SODOLA SL902-SWTGW124AS firmware versions through 200.1.20

Description The firmware contains a weakness in how session identifiers are created. This allows attackers to create valid session identifiers without logging in, potentially gaining unauthorized access to the device. The session identifiers are generated using a predictable MD5-based method, enabling attackers to forge authenticated sessions.

Recommendations Firmware versions prior to 200.1.20 should be updated.

Fix

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-330

Related Identifiers

CVE-2026-27755

Affected Products

Sodola Sl902-Swtgw124As

PT-2026-22373 · Sodola · Sodola Sl902-Swtgw124As

CVE-2026-27755

Weakness Enumeration

Related Identifiers

Affected Products

References · 10