SODOLA SL902-SWTGW124AS Session Identifier Generation Vulnerability Allowing Authentication Bypass

Vulnerability

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 generate session identifiers insecurely. Attackers can forge authenticated sessions by creating predictable MD5-based cookies: anyone who knows or can guess valid credentials can calculate the session identifier offline, bypassing the authentication process and gaining unauthorized access to the device.
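
The weakness described above, next to a hardened design and a determinism check an auditor can run against any session issuer. This is an added example, not SODOLA's code or part of the original advisory. The advisory does not give the cookie's exact input layout, so MD5(username + password) is an assumed stand-in for the bug class; USERS, SESSION_TTL, SessionStore and is_deterministic are hypothetical names.

```python
import hashlib
import hmac
import secrets
import time

# Constructed credentials for the demonstration only.
USERS = {"admin": "example-password"}
SESSION_TTL = 900  # seconds; assumed session lifetime


def weak_session_id(username: str, password: str) -> str:
    """Weak pattern: the cookie is a pure function of the credentials.

    The firmware's exact input layout is not given in the advisory;
    MD5(username + password) is an assumed stand-in for the bug class.
    """
    return hashlib.md5((username + password).encode()).hexdigest()


class SessionStore:
    """Hardened pattern: random, server-side session IDs with expiry."""

    def __init__(self):
        self._sessions = {}  # session id -> (username, expiry timestamp)

    def login(self, username: str, password: str):
        expected = USERS.get(username)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        sid = secrets.token_hex(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = (username, time.time() + SESSION_TTL)
        return sid

    def validate(self, sid: str):
        entry = self._sessions.get(sid)
        if entry is None or entry[1] < time.time():
            self._sessions.pop(sid, None)  # drop unknown or expired IDs
            return None
        return entry[0]

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def is_deterministic(issue, username: str, password: str) -> bool:
    """Audit check: do two logins with the same credentials get the same ID?"""
    return issue(username, password) == issue(username, password)
```

A session issuer for which is_deterministic returns True hands out a value that never changes between logins and cannot be revoked without changing the password.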

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized access to the device.

Remediation

Users can upgrade to the latest firmware version available for their specific switch model. For the SL902-SWTGW124AS model, the latest firmware version is 200.1.30. Instructions for upgrading the firmware are available on the SODOLA website.

Added: Feb 27, 2026, 7:19 PM
Updated: Feb 27, 2026, 7:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.