SODOLA SL902-SWTGW124AS Authentication Vulnerability Allowing Unverified Password Changes
Vulnerability
An authentication vulnerability has been identified in SODOLA SL902-SWTGW124AS firmware versions through 200.1.20. This vulnerability allows authenticated users to change account passwords without verifying the current password. As a result, attackers who gain access to an authenticated session can modify credentials, ensuring persistent access to the management interface.
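An added example, not SODOLA firmware code and not taken from the advisory: a small Python model of the flaw class described above (a live session alone authorizes the password change) beside a handler that re-verifies the current password. `AccountStore`, both handler names and the in-memory session table are hypothetical.

```python
import hashlib, hmac, os, secrets

# Hypothetical in-memory model; none of these names come from the firmware.
class AccountStore:
    def __init__(self):
        self.users = {}     # username -> (salt, password hash)
        self.sessions = {}  # session token -> username

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._kdf(password, salt))

    def check_password(self, user, password):
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def login(self, user, password):
        if user not in self.users or not self.check_password(user, password):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = user
        return token

def change_password_weak(store, token, new_password):
    """Flaw class from the advisory: a live session alone authorizes the change."""
    user = store.sessions.get(token)
    if user is None:
        return False
    store.set_password(user, new_password)
    return True

def change_password_hardened(store, token, current_password, new_password):
    """Require the current password, then revoke every session for the account."""
    user = store.sessions.get(token)
    if user is None or not store.check_password(user, current_password):
        return None
    store.set_password(user, new_password)
    for t in [t for t, u in store.sessions.items() if u == user]:
        del store.sessions[t]
    fresh = secrets.token_hex(16)  # caller gets a new session; old tokens are dead
    store.sessions[fresh] = user
    return fresh
```

Revoking sessions on a successful change means a token obtained before the reset stops working once the account owner sets a new password.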
Impact
Exploitation of this vulnerability could lead to unauthorized password changes, allowing attackers to maintain access to the management interface.
Remediation
Users can upgrade to the latest firmware version, which is available on the SODOLA website. Instructions for upgrading the firmware are included in the SODOLA Managed Switch Web Manual.
