Critical (9.8)

CVE-2026-27751: SODOLA SL902

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attacke...

Overview

A critical security vulnerability has been identified in certain SODOLA industrial networking gateways. The vulnerability stems from the device firmware containing unchangeable, factory-set default administrator credentials. This allows any remote attacker who can reach the device’s management interface to log in with full administrative privileges, completely bypassing normal authentication.

Vulnerability Details

The affected product is the SODOLA SL902-SWTGW124AS industrial gateway. All firmware versions up to and including 200.1.20 are vulnerable. The device’s software contains hardcoded default username and password combinations that cannot be changed by the user. Furthermore, the system does not force or prompt the administrator to set a new, strong password upon first use. An attacker can easily discover or guess these common defaults to gain access.

Potential Impact

The impact of this vulnerability is severe. With administrative access, an attacker can:

  • Completely compromise the device: Modify network settings, intercept or block data traffic, and disable security functions.
  • Use the device as an entry point: Move laterally from the gateway into the broader industrial control or corporate network it connects to.
  • Disrupt operations: Alter configurations to cause network outages or operational downtime in critical industrial environments.
  • Deploy malware: Install persistent malicious software on the gateway itself.

Given the CVSS score of 9.8 (Critical), this flaw is considered highly exploitable with minimal complexity and can lead to a full compromise of confidentiality, integrity, and system availability.

Remediation and Mitigation

Immediate action is required for all users of the SODOLA SL902-SWTGW124AS gateway.

Primary Remediation:

  1. Contact the Vendor: Immediately reach out to SODOLA support to inquire about a firmware update that addresses CVE-2026-27751. Apply any patched firmware (version newer than 200.1.20) as soon as it is available and tested in your environment.

Immediate Mitigations (If a Patch is Not Yet Available):

  1. Isolate the Device: Restrict network access to the gateway’s management interface. Use firewall rules to ensure it is not accessible from the public internet or untrusted network segments. Only allow connections from specific, necessary administrative workstations.
  2. Monitor Access Logs: Closely review the device’s authentication and access logs for any suspicious login attempts, especially from unexpected IP addresses.
  3. Network Segmentation: Ensure the gateway and the industrial devices behind it are placed in a dedicated, isolated network zone with strict traffic controls to limit the potential for lateral movement if a breach occurs.

Important Note: Simply trying to change the admin password in the web interface is not a solution, as the hardcoded credentials will still function. You must rely on network-level controls until a firmware patch is applied.
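As an added example (not part of the original advisory and not vendor code), the following Python script combines mitigations 1 and 2: it flags management-interface logins whose source address is outside the administrative allowlist. The log line format, the `webmgmt` tag, the host name and all IP addresses are constructed assumptions, since the advisory does not document the device's log format.

```python
import ipaddress
import re

# Assumption: the only workstations permitted to reach the management interface.
ADMIN_ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]

# Assumption: gateway events reach the collector as lines shaped like the
# constructed samples below; adapt the pattern to what your collector records.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) webmgmt: login (?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample input (documentation address ranges, hypothetical host name).
SAMPLE_LOG = """\
2026-03-02T08:14:07Z gw-plant1 webmgmt: login success user=admin src=192.0.2.10
2026-03-02T09:01:44Z gw-plant1 webmgmt: login failure user=admin src=198.51.100.23
2026-03-02T09:01:52Z gw-plant1 webmgmt: login success user=admin src=198.51.100.23
2026-03-02T09:30:00Z gw-plant1 webmgmt: config saved
2026-03-02T10:12:31Z gw-plant1 webmgmt: login success user=admin src=not-an-ip
"""

def is_allowed(src):
    """True only if src parses as an IP address inside the admin allowlist."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(addr in net for net in ADMIN_ALLOWLIST)

def find_suspicious_logins(log_text):
    """Return (severity, timestamp, source, user) for logins from outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if not m or is_allowed(m["src"]):
            continue
        # A success from an unexpected source means the isolation control failed;
        # a failure still shows the interface is reachable from that source.
        severity = "HIGH" if m["result"] == "success" else "MEDIUM"
        findings.append((severity, m["ts"], m["src"], m["user"]))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_logins(SAMPLE_LOG):
        print(*finding)
```

Because the hardcoded credentials keep working regardless of password changes, treat every `HIGH` finding as a possible compromise and every `MEDIUM` finding as evidence that the firewall rules from mitigation 1 are not blocking that source.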
