The vulnerability identified as CVE-2026-27757 affects the SODOLA SL902-SWTGW124AS device firmware versions through 200.1.20, produced by Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks). This vulnerability is classified under CWE-620, which pertains to unverified password changes. Specifically, the device's management interface allows authenticated users to change account passwords without requiring verification of the current password. This means that once an attacker gains any authenticated session—whether through credential theft, session hijacking, or other means—they can alter account credentials arbitrarily. This flaw undermines the integrity of authentication controls by removing the safeguard of current password verification during password changes. The vulnerability does not require elevated privileges beyond authenticated access, nor does it require user interaction, making it relatively straightforward to exploit for those with access. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no attack prerequisites (AT:N), privileges required are low (PR:L), no user interaction (UI:N), low confidentiality impact (VC:L), high integrity impact (VI:H), no availability impact (VA:N), no scope change (SC:N), no impact on security requirements (SI:N), and no security attribute changes (SA:N). No known exploits are reported in the wild, and no official patches have been published at the time of analysis. The vulnerability enables attackers to maintain persistent unauthorized access by locking out legitimate users or escalating privileges through credential manipulation. This poses a significant risk to the confidentiality and integrity of device management and potentially the broader network environment if the device is a critical gateway or controller.

The primary impact of CVE-2026-27757 is the compromise of account integrity on the affected device, allowing attackers to change passwords without current password verification. This can lead to persistent unauthorized access to the management interface, enabling attackers to maintain control over the device indefinitely. For organizations, this could result in unauthorized configuration changes, disruption of network traffic, interception or manipulation of data, and potential lateral movement within the network. Since the device is a gateway or network management device, compromise could affect network availability indirectly or facilitate further attacks on connected systems. The vulnerability's exploitation requires authenticated access, which may limit exposure but also means that any credential compromise or session hijacking can be leveraged to escalate privileges. The lack of patches increases the window of exposure. Overall, this vulnerability threatens the confidentiality and integrity of network management and could lead to operational disruptions or data breaches in environments relying on this device.

1. Restrict access to the management interface of the SODOLA SL902-SWTGW124AS device to trusted networks and users only, using network segmentation and firewall rules. 2. Implement strong authentication mechanisms and monitor for unusual login patterns or multiple failed login attempts to detect potential credential compromise. 3. Employ multi-factor authentication (MFA) if supported by the device or surrounding infrastructure to reduce the risk of unauthorized authenticated sessions. 4. Regularly audit account credentials and management interface logs to identify unauthorized password changes or suspicious activity promptly. 5. Until an official patch is released, consider disabling remote management interfaces or using VPNs with strict access controls to limit exposure. 6. Engage with the vendor for updates or firmware patches and plan for timely deployment once available. 7. Educate administrators about the risk of session hijacking and credential theft to reinforce secure operational practices. 8. Use network intrusion detection systems (NIDS) to alert on anomalous management interface traffic patterns. These targeted steps go beyond generic advice by focusing on access control, monitoring, and operational security tailored to the vulnerability's characteristics.