SODOLA SL902-SWTGW124AS MD5 Session Token Generation Vulnerability

Vulnerability

A vulnerability exists in the SODOLA SL902-SWTGW124AS firmware versions through 200.1.20, where the outdated and cryptographically weak MD5 hash function is used to generate session cookies. This flaw compromises session security, allowing attackers to predict session tokens and exploit MD5's known collision vulnerabilities to create fake session cookies, potentially leading to unauthorized access to the device.
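The weakness described above, next to a hardened alternative, as an added example that is not SODOLA firmware code. The advisory does not say what the firmware feeds into MD5, so the `username` and `login_epoch` inputs, and all function and class names, are assumptions made for illustration.

```python
import hashlib
import re
import secrets
import time

def weak_token(username, login_epoch):
    """Pattern the advisory warns about: the cookie is MD5 of guessable values.
    Hypothetical inputs; the real firmware inputs are not published."""
    data = f"{username}:{login_epoch}".encode()
    return hashlib.md5(data, usedforsecurity=False).hexdigest()

_MD5_SHAPE = re.compile(r"[0-9a-fA-F]{32}")

def looks_like_bare_md5(cookie_value):
    """Audit heuristic for your own device: a 32-hex-character cookie is a
    flag to investigate, not proof (it may also be a random 128-bit value)."""
    return _MD5_SHAPE.fullmatch(cookie_value) is not None

class SessionStore:
    """Hardened form: tokens come from the OS CSPRNG and expire server-side."""

    def __init__(self, ttl=900):
        self.ttl = ttl
        self._sessions = {}  # sha256(token) -> (username, expiry)

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked session table does not leak cookies;
        # looking up by hash also avoids comparing raw tokens byte by byte.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits, derived from nothing
        self._sessions[self._key(token)] = (username, now + self.ttl)
        return token

    def lookup(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(self._key(token))
        if entry is None:
            return None
        username, expiry = entry
        if now >= expiry:
            del self._sessions[self._key(token)]
            return None
        return username
```

The weak token is fully determined by its inputs, so its strength is bounded by how many input combinations are plausible rather than by the 128-bit digest size.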

Impact

Exploitation of this vulnerability allows for session hijacking, where an attacker can forge valid session cookies and gain unauthorized access to the device.

Remediation

Users can upgrade to the latest firmware version, which is available on the SODOLA website. Instructions for upgrading the firmware are included in the SODOLA Managed Switch Web Manual.

Added: Feb 27, 2026, 7:20 PM
Updated: Feb 27, 2026, 7:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.