CVE-2026-27751 CRITICAL

CVE-2026-27751: SODOLA SL902-SWTGW124AS <= 200.1.20 Use of Default Credentials

Vendor Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product SODOLA SL902-SWTGW124AS
Weakness CWE-1392
Published February 27, 2026
Last update March 2, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.

Key dates

02Disclosure timeline

February 27, 2026 CVE published
March 2, 2026 Record updated