CVE-2026-27755: SODOLA SL902
CVE-2026-27755
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5...
Overview
A critical security vulnerability has been identified in certain SODOLA network gateway devices. The flaw is in how the device creates session cookies, the digital “keys” that prove a user is logged in. Due to a weak and predictable method of generation, an attacker can forge these keys without needing to go through the normal login process.
Vulnerability Details
The affected SODOLA SL902-SWTGW124AS devices, running firmware version 200.1.20 and earlier, use the outdated MD5 hashing algorithm to create session identifiers. These identifiers are based on user credentials. Because the process is mathematically predictable and MD5 is considered cryptographically broken, an attacker who knows or can guess a valid username and password can calculate the correct session cookie offline. This allows them to craft a request that tricks the device into believing they are an authenticated, legitimate user.
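The contrast described above, as an added example that is not SODOLA's firmware code and not part of the advisory: a session identifier computed from credentials beside one issued at random and tracked server-side. The `user:password` input format, the sample credentials and all function and class names are assumptions, since the advisory does not give the exact construction.

```python
import hashlib
import secrets
import time

# Constructed sample credentials, not taken from any device.
USER, PASSWORD = "admin", "constructed-sample-passphrase"


def weak_session_id(username, password):
    """Assumed weak form: the ID is a pure function of the credentials."""
    return hashlib.md5(f"{username}:{password}".encode()).hexdigest()


class SessionStore:
    """Hardened form: random IDs, server-side state, expiry, revocation."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._sessions = {}  # sha256(session id) -> (username, expiry time)

    @staticmethod
    def _key(session_id):
        return hashlib.sha256(session_id.encode()).hexdigest()

    def create(self, username, now=None):
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(session_id)] = (username, now + self.ttl)
        return session_id

    def validate(self, session_id, now=None):
        now = time.time() if now is None else now
        key = self._key(session_id)
        entry = self._sessions.get(key)
        if entry is None or now >= entry[1]:
            self._sessions.pop(key, None)  # unknown or expired: reject
            return None
        return entry[0]

    def revoke(self, session_id):
        self._sessions.pop(self._key(session_id), None)


def ids_repeat_across_logins(issue, logins=5):
    """Return True if any session ID repeats across fresh logins."""
    seen = [issue() for _ in range(logins)]
    return len(set(seen)) < len(seen)
```

A session identifier that repeats across separate logins of the same account is the observable sign of the weak form; the hardened store only accepts values it issued itself, so a value computed from credentials is rejected.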
Impact
The impact of this vulnerability is severe. A successful exploit grants an attacker full administrative access to the gateway device without ever logging in. Once inside, they can:
- Intercept, monitor, or modify network traffic.
- Change device configurations to disrupt operations.
- Use the device as a foothold to launch further attacks on the internal network.
- Potentially render the device inoperable.
Given that these devices often sit at the edge of a network, this level of unauthorized access represents a significant compromise of network integrity and security.
Remediation and Mitigation
Immediate action is required to protect affected systems.
Primary Remediation:
- Upgrade Firmware: Contact SODOLA support to obtain and install a firmware version newer than 200.1.20 that addresses this vulnerability. This is the only complete solution.
Immediate Mitigations (If Patching is Delayed):
- Isolate Devices: Restrict network access to the management interface of the affected gateway. Ensure it is not accessible from the public internet.
- Strengthen Credentials: Immediately change all associated passwords to long, complex, and unique passphrases. This makes credential guessing, which is a prerequisite for this attack, significantly more difficult.
- Monitor Logs: Closely review device authentication and access logs for any suspicious activity, such as logins from unexpected IP addresses.
All organizations using the SODOLA SL902-SWTGW124AS should check their firmware version and apply the update as soon as it is available from the vendor.