
CVE-2026-27751

Critical · Public PoC

Published: 27 February 2026

Modified: 04 March 2026
CVSS v4 Score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0045 (35.7th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-27751 is a critical-severity Use of Default Credentials (CWE-1392) vulnerability in Sodola-Network Sl902-Swtgw124As Firmware. Its CVSS v4 base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 35.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2026-27751, published on 2026-02-27, is a default credentials vulnerability classified under CWE-1392 in the SODOLA SL902-SWTGW124AS firmware versions through 200.1.20. This flaw stems from hardcoded default credentials in the device's management interface, with no enforcement requiring users to change them upon initial setup. The vulnerability enables remote attackers to authenticate and obtain administrative access, earning a critical CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Any remote attacker with network access to the management interface can exploit this vulnerability without needing privileges, user interaction, or special conditions. Successful authentication using the default credentials grants full administrative control over the switch, allowing attackers to reconfigure settings, monitor traffic, or disrupt operations, with high impacts on confidentiality, integrity, and availability.

Advisories and references, including the vendor product page at https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch and the VulnCheck advisory at https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-use-of-default-credentials, detail the issue but do not specify patches or mitigations in the provided information. Security practitioners should consult these sources and the vendor for updates on firmware patches or hardening guidance.

Vulnerability details

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1078.001 Default Accounts (Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Hardcoded default credentials on the remote management interface directly enable abuse of default accounts (T1078.001) for unauthenticated administrative access, initial access, and full control over the device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27755 (same product: Sodola-Network Sl902-Swtgw124As)
CVE-2026-27757 (same product: Sodola-Network Sl902-Swtgw124As)
CVE-2025-2398 (shared CWE-1392)
CVE-2025-54756 (shared CWE-1392)
CVE-2022-50803 (shared CWE-1392)
CVE-2026-26341 (shared CWE-1392)
CVE-2026-7365 (shared CWE-1392)
CVE-2025-8731 (shared CWE-1392)
CVE-2026-1803 (shared CWE-1392)
CVE-2025-1160 (shared CWE-1392)

Affected Assets

sodola-network sl902-swtgw124as firmware, versions ≤ 200.1.20

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly requires changing default authenticators prior to first use, mitigating the hardcoded default credentials without password change enforcement.

Prevent: Enables disabling, modifying, or removing default administrative accounts to prevent remote attackers from authenticating with known credentials.

Prevent: Mandates identification, prioritization, and application of firmware updates to remediate the default credentials vulnerability in affected versions.
