CVE-2026-27751: CWE-1392 Use of Default Credentials in Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) SODOLA SL902-SWTGW124AS
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.
AI Analysis
Technical Summary
CVE-2026-27751 is a vulnerability in the firmware of the SODOLA SL902-SWTGW124AS device, produced by Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks). The firmware contains hardcoded default credentials and does not enforce a password change upon deployment or first use. Firmware versions up to and including 200.1.20 are affected. A remote attacker can therefore authenticate to the device's management interface with the default credentials, needing no prior privileges and no user interaction, and gain full administrative privileges. The vulnerability is classified under CWE-1392 (Use of Default Credentials). The CVSS 4.0 base score is 9.3, a critical severity level that reflects the network attack vector, low attack complexity, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. The lack of password change enforcement exacerbates the risk, making it trivial for attackers to take control of the device remotely. While no public exploits are currently known, the vulnerability presents a significant risk to any organization deploying this hardware, especially in environments where these devices manage critical network functions or sensitive data.
Potential Impact
The vulnerability allows attackers to gain full administrative control over the affected devices remotely without authentication barriers, leading to complete compromise of device functions. This can result in unauthorized access to sensitive network management interfaces, enabling attackers to alter configurations, intercept or redirect network traffic, disrupt network availability, or use the device as a pivot point for further attacks within an organization’s infrastructure. The confidentiality, integrity, and availability of the network and connected systems are at high risk. Organizations relying on these devices for critical infrastructure or sensitive communications may face operational disruptions, data breaches, or persistent unauthorized access. The ease of exploitation and the critical nature of administrative access make this vulnerability a severe threat to global organizations using these devices.
Mitigation Recommendations
1. Immediate firmware upgrade: Organizations should verify the firmware version of their SODOLA SL902-SWTGW124AS devices and upgrade to a patched version once available from the vendor.
2. Change default credentials: If a patch is not yet available, manually change all default credentials on the device management interface to strong, unique passwords.
3. Network segmentation: Isolate affected devices on separate network segments with strict access controls to limit exposure to untrusted networks.
4. Access control: Restrict management interface access to trusted IP addresses or VPNs only.
5. Monitor logs and network traffic for unusual access patterns or authentication attempts targeting these devices.
6. Vendor engagement: Engage with Shenzhen Hongyavision Technology for official patches and security advisories.
7. Incident response readiness: Prepare to respond to potential compromises by backing up configurations and having recovery procedures in place.
8. Disable remote management if not required to reduce attack surface.

These steps go beyond generic advice by focusing on immediate compensating controls and vendor coordination.
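To apply recommendations 1, 2 and 4 across a fleet, the following added example (not part of the original advisory or any vendor tooling) triages an asset inventory against the affected range "through 200.1.20". The CSV column names, the `mgmt-vlan` label and the sample rows are hypothetical and constructed for illustration.

```python
import csv
import io

AFFECTED_MODEL = "SL902-SWTGW124AS"
LAST_AFFECTED = (200, 1, 20)  # advisory: "firmware versions through 200.1.20"

# Constructed sample inventory; the column names are hypothetical.
SAMPLE_INVENTORY = """\
hostname,model,firmware,mgmt_reachable_from,default_password_changed
sw-lobby,SL902-SWTGW124AS,200.1.20,internet,no
sw-lab,SL902-SWTGW124AS,200.1.9,mgmt-vlan,yes
sw-core,SL902-SWTGW124AS,200.2.0,mgmt-vlan,yes
sw-annex,SL902-SWTGW124AS,unknown,office-lan,no
sw-other,OTHER-MODEL,1.0.3,office-lan,no
"""

def parse_version(text):
    """Return a tuple of ints (compared numerically), or None if unparseable."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """List (hostname, firmware, actions) for devices in the affected range."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip() != AFFECTED_MODEL:
            continue
        version = parse_version(row["firmware"])
        # An unknown firmware string is treated as affected until verified.
        if version is not None and version > LAST_AFFECTED:
            continue  # not listed as affected by the advisory
        actions = []
        if row["default_password_changed"].strip().lower() != "yes":
            actions.append("change default credentials")
        if row["mgmt_reachable_from"].strip() != "mgmt-vlan":
            actions.append("restrict management interface access")
        actions.append("upgrade firmware once the vendor publishes a fix")
        findings.append((row["hostname"], row["firmware"], actions))
    # Devices with the most outstanding actions come first.
    findings.sort(key=lambda f: -len(f[2]))
    return findings

if __name__ == "__main__":
    for host, firmware, actions in triage(SAMPLE_INVENTORY):
        print(f"{host} (firmware {firmware}): " + "; ".join(actions))
```

Versions are compared as integer tuples because a plain string comparison would rank 200.1.9 above 200.1.20 and miss an affected device.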
Affected Countries
China, United States, India, Russia, Brazil, Germany, United Kingdom, South Korea, Japan, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-02-23T21:38:48.842Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69a1de4132ffcdb8a26144d1
Added to database: 2/27/2026, 6:11:13 PM
Last enriched: 3/6/2026, 9:33:22 PM
Last updated: 4/13/2026, 11:11:52 PM