Cyber Posture

CVE-2026-27757

HighPublic PoC

Published: 27 February 2026

Published
27 February 2026
Modified
03 March 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
EPSS Score 0.0006 18.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-27757 is a high-severity Unverified Password Change (CWE-620) vulnerability in Sodola-Network Sl902-Swtgw124As Firmware. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Account Manipulation (T1098); ranked at the 18.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Account Manipulation (T1098).
Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1098 Account Manipulation Persistence
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
attack.mitre.org →
Why these techniques?

The vulnerability directly enables unauthorized password changes on existing accounts without current-password verification (CWE-620), mapping to account manipulation for persistence and credential control on the network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the…

more

management interface.

Deeper analysisAI

CVE-2026-27757, published on 2026-02-27, is an authentication vulnerability (CWE-620) in the SODOLA SL902-SWTGW124AS firmware versions through 200.1.20. The flaw allows authenticated users to change account passwords without verifying the current password, enabling unauthorized credential modifications. It has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N), indicating high integrity impact potential over the network.

Attackers require low privileges (PR:L) to exploit this vulnerability, gaining initial access to an authenticated session on the management interface. Once authenticated, exploitation is straightforward with low complexity and no user interaction needed. Successful attacks allow the adversary to alter passwords, securing persistent access to the device and potentially enabling further compromise of the network switch.

Advisories and vendor resources provide further details on the issue. Security practitioners should consult the VulnCheck advisory at https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-unverified-password-change and the SODOLA product page at https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch for any patch or mitigation guidance.

Details

CWE(s)
CWE-620

Affected Products

sodola-network
sl902-swtgw124as firmware
≤ 200.1.20

CVEs Like This One

CVE-2026-27755Same product: Sodola-Network Sl902-Swtgw124As
CVE-2026-27751Same product: Sodola-Network Sl902-Swtgw124As
CVE-2026-24440Shared CWE-620
CVE-2026-40588Shared CWE-620
CVE-2026-24443Shared CWE-620
CVE-2026-42084Shared CWE-620
CVE-2024-9431Shared CWE-620
CVE-2025-1107Shared CWE-620
CVE-2025-9286Shared CWE-620
CVE-2025-63362Shared CWE-620

References