CVE-2026-27755 — CRITICAL (9.8)

Q: How severe is CVE-2026-27755?

CVE-2026-27755 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2026-27755?

Check the references section above for vendor advisories and patch information. Affected products include: Sodola-Network Sl902-Swtgw124As Firmware, Sodola-Network Sl902-Swtgw124As.

Vulnerability Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sodola-Network	Sl902-Swtgw124As Firmware	<= 200.1.20
Sodola-Network	Sl902-Swtgw124As	-

Related Weaknesses (CWE)

CWE-330

References

FAQ

What is CVE-2026-27755?

CVE-2026-27755 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5...

How severe is CVE-2026-27755?

CVE-2026-27755 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-27755?

Check the references section above for vendor advisories and patch information. Affected products include: Sodola-Network Sl902-Swtgw124As Firmware, Sodola-Network Sl902-Swtgw124As.