CVE-2026-27754: CWE-328 Use of Weak Hash in Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) SODOLA SL902-SWTGW124AS
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies and gain unauthorized access to the device.
AI Analysis
Technical Summary
CVE-2026-27754 identifies a cryptographic weakness in the SODOLA SL902-SWTGW124AS device firmware, specifically the use of the MD5 hash function for generating session cookies. MD5 is widely recognized as broken due to its susceptibility to collision attacks, where two different inputs produce the same hash output. This vulnerability arises because the device relies on MD5 to create session tokens that authenticate users' sessions. An attacker can exploit the predictability of these tokens combined with MD5's collision properties to forge valid session cookies without needing credentials or user interaction. This allows unauthorized access to the device's management interface or services, potentially leading to device control or data compromise. The vulnerability has a CVSS 4.0 base score of 6.9, reflecting network attack vector, no required privileges or user interaction, and low impact on confidentiality and integrity but no impact on availability. No patches are currently linked, and no active exploits are reported, indicating the vulnerability is newly disclosed. The affected product is a network gateway device produced by Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks), commonly used in certain enterprise or industrial environments. The weakness stems from legacy cryptographic choices and insufficient session token randomness, which modern security standards advise against. Remediation involves replacing MD5 with a secure hash function such as SHA-256 or better, improving session token entropy, and issuing firmware updates to all affected devices.
Potential Impact
The primary impact of this vulnerability is unauthorized access to the affected device due to session cookie forgery. Attackers can bypass authentication mechanisms, potentially gaining administrative control or access to sensitive device functions. This compromises confidentiality and integrity of device management sessions, enabling further attacks such as network reconnaissance, configuration changes, or pivoting within the network. While availability is not directly impacted, unauthorized control could lead to denial-of-service or disruption if attackers manipulate device settings. Organizations relying on these devices for network gateway or security functions face increased risk of compromise, data leakage, and lateral movement by attackers. The lack of required privileges or user interaction makes exploitation easier, increasing the threat surface. The absence of known exploits suggests limited current impact but also highlights the need for proactive mitigation before attackers develop weaponized exploits. Overall, the vulnerability poses a moderate risk to organizations using the affected devices, especially in critical infrastructure or sensitive environments.
Mitigation Recommendations
1. Immediate mitigation involves isolating affected devices from untrusted networks to reduce exposure.
2. Monitor network traffic for anomalous session cookie usage or unauthorized access attempts.
3. Contact the vendor for firmware updates that replace MD5 with a secure hash function and improve session token generation; prioritize applying these updates once available.
4. If firmware updates are unavailable, consider deploying compensating controls such as network segmentation, strict access control lists, and VPNs to restrict management interface access.
5. Implement multi-factor authentication (MFA) on device management interfaces if supported, to add an additional layer of security beyond session tokens.
6. Regularly audit device logs for suspicious activity indicative of session forgery attempts.
7. Educate network administrators about the risks of weak cryptographic functions and encourage migration to devices with modern security standards.
8. Develop incident response plans that include this vulnerability scenario to quickly contain potential breaches.
Affected Countries
China, India, Vietnam, Thailand, Malaysia, Indonesia, Singapore, United States, Germany, United Kingdom
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-02-23T21:38:48.842Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69a1e1c432ffcdb8a2634773
Added to database: 2/27/2026, 6:26:12 PM
Last enriched: 3/6/2026, 9:21:58 PM
Last updated: 4/14/2026, 4:25:53 AM