Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
SODOLA SL902-SWTGW124AS: Default Password Allows Remote Access
CVE-2026-27751
Summary
The SODOLA SL902-SWTGW124AS device's default password is not changed by its users, allowing unauthorized access to the management interface. This means that anyone can log in to the device remotely with the default password without needing to guess or crack it. To fix this, change the default password immediately to prevent unauthorized access.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| sodola-network | sl902-swtgw124as_firmware | <= 200.1.20 | – |
Original title
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Atta...
Original description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-1392
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026