exploitDog

CVE-2026-27751

Опубликовано: 27 фев. 2026

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.

Ссылки

https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch
Product
https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-use-of-default-credentials
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sodola-network:sl902-swtgw124as_firmware:*:*:*:*:*:*:*:*

Версия до 200.1.20 (включая)

cpe:2.3:h:sodola-network:sl902-swtgw124as:-:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00449

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-1392

Связанные уязвимости

GHSA-j48f-gjx4-8g9f

CVSS3: 9.8

github

4 месяца назад

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.

EPSS

Процентиль: 36%

0.00449

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-1392