SODOLA SL902-SWTGW124AS Cross-Site Request Forgery Vulnerability
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in SODOLA SL902-SWTGW124AS firmware versions through 200.1.20. The flaw is in the management interface: an attacker can trick an authenticated user into submitting forged requests, which then perform unauthorized configuration or administrative actions with the victim's privileges. Exploitation requires the authenticated user to visit a malicious webpage.
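A forged request of the kind described above reaches the management interface with an Origin or Referer that belongs to some other site. The following detection sketch is an added example, not code from SODOLA or from this advisory. It assumes administrative traffic passes through a reverse proxy that writes JSON access-log lines; the hostname, log fields and paths are constructed placeholders, not the device's real endpoints.

```python
import json
from urllib.parse import urlsplit

# Assumption: hostname(s) admins use to reach the switch UI (placeholder).
MGMT_HOSTS = {"switch.mgmt.example"}
# Assumption: configuration changes use these methods on the device.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample: JSON access-log lines from a hypothetical reverse proxy
# in front of the management interface. Paths are made up, not the device's.
SAMPLE_LOG = """\
{"ts":"2024-01-01T10:00:00Z","method":"GET","host":"switch.mgmt.example","path":"/hypothetical/status","origin":"","referer":""}
{"ts":"2024-01-01T10:01:00Z","method":"POST","host":"switch.mgmt.example","path":"/hypothetical/save","origin":"http://switch.mgmt.example","referer":"http://switch.mgmt.example/hypothetical/form"}
{"ts":"2024-01-01T10:02:00Z","method":"POST","host":"switch.mgmt.example","path":"/hypothetical/save","origin":"https://other-site.example","referer":"https://other-site.example/page"}
{"ts":"2024-01-01T10:03:00Z","method":"POST","host":"switch.mgmt.example","path":"/hypothetical/save","origin":"","referer":""}
{"ts":"2024-01-01T10:04:00Z","method":"POST","host":"switch.mgmt.example","path":"/hypothetical/save","origin":"null","referer":""}
"""

def source_host(entry):
    """Host the browser says the request came from (Origin, else Referer)."""
    for field in ("origin", "referer"):
        value = (entry.get(field) or "").strip()
        if value and value != "null":
            return urlsplit(value).hostname
    return None

def classify(entry):
    """Return 'ok', 'cross-site' or 'no-source' for one log entry."""
    if entry["host"] not in MGMT_HOSTS or entry["method"] not in STATE_CHANGING:
        return "ok"
    src = source_host(entry)
    if src is None:
        return "no-source"  # stripped or opaque origin: review manually
    return "ok" if src in MGMT_HOSTS else "cross-site"

def scan(log_text):
    """Yield (timestamp, verdict) for every entry that is not 'ok'."""
    for line in log_text.splitlines():
        if line.strip():
            entry = json.loads(line)
            verdict = classify(entry)
            if verdict != "ok":
                yield entry["ts"], verdict

if __name__ == "__main__":
    for ts, verdict in scan(SAMPLE_LOG):
        print(ts, verdict)
```

Entries marked `no-source` are not proof of forgery, since privacy settings and some clients strip both headers; they are listed so they can be correlated with the administrator's own activity.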
Impact
Successful exploitation lets an attacker perform actions on behalf of an authenticated user without their consent.
Remediation
Users can upgrade to the latest firmware version available for their specific switch model. For the SL902-SWTGW124AS, firmware version 200.1.30 is available. Instructions for upgrading the firmware are provided on the SODOLA website.
