CVE-2026-27755CRITICAL 9.8EPSS p31.8%

CVE-2026-27755CVE-2026-27755

Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.40% probability of exploitation · percentile 31.8% · 2026-06-18T12:00:27Z
Published2026-02-27
Last modified2026-03-03

Underlying weaknesses· 1

CWE-330

References

  1. https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch
  2. https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-predictable-session-id

1

TypeTargetConfidenceTier
WeaknessUse of Insufficiently Random Valuescwe-3300%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-27751
CVE
CVE-2025-52689
CVE
CVE-2026-30702
CVE
CVE-2026-20998
CVE
CVE-2025-27595
CVE
CVE-2025-41652
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.