Description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.
References (2)
Core 2
Core References
Various Sources product
https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-unverified-password-change
Scores
CVSS v3
7.1
EPSS
0.0025
EPSS Percentile
16.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-620
Status
published
Products (1)
sodola-network/sl902-swtgw124as_firmware
< 200.1.20
Published
Feb 27, 2026
Tracked Since
Feb 28, 2026