The vulnerability CVE-2026-27755 affects the SODOLA SL902-SWTGW124AS device firmware versions up to 200.1.20, produced by Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks). It stems from the use of insufficiently random values in session identifier generation, specifically relying on predictable MD5-based cookies. This weakness falls under CWE-330, which addresses the use of weak randomness in security-critical contexts. Because the session IDs can be computed offline by an attacker who knows or can guess valid credentials, the attacker can bypass the authentication mechanism entirely, gaining unauthorized access to the device without completing the login process. The vulnerability requires no privileges, no user interaction, and can be exploited remotely over the network, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact on confidentiality, integrity, and availability is high, as attackers can fully control the device and potentially pivot to other network assets. Currently, no patches or fixes have been published by the vendor, and no known exploits have been observed in the wild. The device is likely used in network gateway or security appliance roles, making this vulnerability particularly concerning for organizations relying on these devices for network security and management.

The vulnerability allows attackers to bypass authentication and gain unauthorized access to the affected device, potentially leading to full device compromise. This can result in exposure of sensitive configuration data, interception or manipulation of network traffic, and disruption of network services. Since the device likely functions as a gateway or security appliance, compromise could enable attackers to move laterally within an organization's network, escalate privileges, or exfiltrate data. The ease of exploitation without any authentication or user interaction increases the risk of automated attacks and widespread exploitation once public exploit code becomes available. Organizations worldwide using this device face risks of operational disruption, data breaches, and loss of network integrity.

Until an official patch is released, organizations should implement strict network segmentation to isolate the affected devices from untrusted networks and limit access to trusted administrators only. Employ network-level access controls such as firewall rules and VPNs to restrict management interface exposure. Monitor device logs and network traffic for unusual authentication bypass attempts or session anomalies. Enforce strong credential policies to reduce the risk of attackers guessing valid credentials. Consider deploying intrusion detection/prevention systems that can identify exploitation attempts targeting this vulnerability. Once the vendor releases a firmware update addressing the issue, prioritize immediate testing and deployment of the patch. Additionally, maintain an inventory of affected devices to ensure comprehensive coverage of mitigation efforts.