CVE-2026-27751
Published: 27 February 2026
Summary
CVE-2026-27751 is a critical-severity Use of Default Credentials (CWE-1392) vulnerability in SODOLA SL902-SWTGW124AS firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 17.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires changing default authenticators prior to first use, mitigating the hardcoded default credentials without password change enforcement.
Enables disabling, modifying, or removing default administrative accounts to prevent remote attackers from authenticating with known credentials.
Mandates identification, prioritization, and application of firmware updates to remediate the default credentials vulnerability in affected versions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Hardcoded default credentials on the remote management interface directly enable abuse of default accounts (T1078.001) for unauthenticated administrative access, initial access, and full control over the device.
NVD Description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.
Deeper analysis
CVE-2026-27751, published on 2026-02-27, is a default credentials vulnerability classified under CWE-1392 in the SODOLA SL902-SWTGW124AS firmware versions through 200.1.20. This flaw stems from hardcoded default credentials in the device's management interface, with no enforcement requiring users to change them upon initial setup. The vulnerability enables remote attackers to authenticate and obtain administrative access, earning a critical CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Any remote attacker with network access to the management interface can exploit this vulnerability without needing privileges, user interaction, or special conditions. Successful authentication using the default credentials grants full administrative control over the switch, allowing attackers to reconfigure settings, monitor traffic, or disrupt operations, with high impacts on confidentiality, integrity, and availability.
Advisories and references, including the vendor product page at https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch and the VulnCheck advisory at https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-use-of-default-credentials, detail the issue but do not specify patches or mitigations in the provided information. Security practitioners should consult these sources and the vendor for updates on firmware patches or hardening guidance.
Details
- CWE(s)