PT-2026-22375 · Sodola · Sodola Sl902-Swtgw124As

Kazuma Matsumoto

Published

2026-02-27

Updated

2026-03-04

CVE-2026-27757

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SODOLA SL902-SWTGW124AS firmware versions through 200.1.20

Description The device allows authenticated users to change account passwords without verifying the current password. An attacker gaining access to an authenticated session can modify credentials, potentially maintaining persistent access to the management interface.

Recommendations Update to a firmware version newer than 200.1.20.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-620

Related Identifiers

CVE-2026-27757

Affected Products

Sodola Sl902-Swtgw124As

PT-2026-22375 · Sodola · Sodola Sl902-Swtgw124As

CVE-2026-27757

Weakness Enumeration

Related Identifiers

Affected Products

References · 9