6.9
SODOLA SL902-SWTGW124AS: Weak Session Cookies Expose Device to Unauthorized Access
CVE-2026-27754
Summary
Old firmware versions of the SODOLA SL902-SWTGW124AS use a weak method to generate session cookies, making it possible for attackers to trick the device into thinking they're legitimate users. This could allow unauthorized access to the device. Update to the latest firmware version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| sodola-network | sl902-swtgw124as_firmware | <= 200.1.20 | – |
Original title
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predic...
Original description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies and gain unauthorized access to the device.
NVD CVSS 3.1
6.5
NVD CVSS 4.0
6.9
Vulnerability type
CWE-328
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026