The vulnerability identified as CVE-2026-27757 affects the SODOLA SL902-SWTGW124AS network device firmware versions through 200.1.20. It is classified under CWE-620, which pertains to unverified password changes. Specifically, the device's management interface allows authenticated users to change account passwords without requiring verification of the current password. This means that any user who has successfully authenticated—regardless of their privilege level—can alter credentials for any account, including potentially administrative accounts. The lack of current password verification undermines the integrity of the authentication mechanism and enables attackers to establish persistent access by changing passwords to known values. The vulnerability does not require user interaction or elevated privileges beyond authentication, making it easier to exploit once access is obtained. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N) indicates network attack vector, low complexity, no attack prerequisites beyond authenticated user, no user interaction, low confidentiality impact, high integrity impact, no availability impact, and no scope change. No patches or exploits are currently publicly available, but the risk remains significant due to the potential for persistent unauthorized access and control over the device. This vulnerability is critical for organizations relying on this device for network management and security, as it could lead to unauthorized configuration changes, data interception, or denial of service.

The primary impact of CVE-2026-27757 is the compromise of account integrity on affected devices, enabling attackers with authenticated access to change passwords without verification. This can lead to persistent unauthorized access to the management interface, allowing attackers to maintain control even if initial access vectors are closed. Organizations could face unauthorized configuration changes, network disruptions, or data interception risks. The vulnerability undermines trust in device authentication and could facilitate lateral movement within networks. Since the device is likely used in network infrastructure, exploitation could impact availability and confidentiality indirectly through misconfigurations or further attacks. The ease of exploitation after authentication and the high integrity impact make this a significant threat to organizations using the affected firmware versions, especially in critical infrastructure or enterprise environments.

1. Immediately restrict access to the management interface of SODOLA SL902-SWTGW124AS devices to trusted networks and users only, using network segmentation and firewall rules. 2. Implement strong authentication mechanisms such as multi-factor authentication (MFA) if supported by the device or surrounding infrastructure to reduce risk of unauthorized authenticated access. 3. Monitor device logs and access patterns for unusual password changes or management interface activity to detect potential exploitation attempts early. 4. Coordinate with the vendor, Shenzhen Hongyavision Technology Co., Ltd., to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 5. If patches are not yet available, consider temporary compensating controls such as disabling remote management interfaces or using VPNs with strict access controls. 6. Conduct regular audits of user accounts and credentials on affected devices to identify unauthorized changes. 7. Educate administrators about the risk and ensure secure password management policies are enforced. 8. Employ network intrusion detection/prevention systems (IDS/IPS) to detect anomalous management interface traffic.