Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
SODOLA SL902-SWTGW124AS Management Interface Allows Malicious Scripts
CVE-2026-27756
Summary
The management interface of SODOLA SL902-SWTGW124AS devices with outdated firmware versions is vulnerable to a security threat. Attackers can create malicious links that execute unauthorized code when visited by authorized users. To protect your device, update the firmware to version 200.1.21 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| sodola-network | sl902-swtgw124as_firmware | <= 200.1.20 | – |
Original title
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output....
Original description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.
nvd CVSS3.1
6.1
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026