CVE-2026-27758 is a cross-site request forgery (CSRF) vulnerability identified in the management interface of the SODOLA SL902-SWTGW124AS device, produced by Shenzhen Hongyavision Technology Co., Ltd. The affected firmware versions up to 200.1.20 do not adequately validate the origin or authenticity of requests submitted to the device's administrative interface. This flaw enables remote attackers to craft malicious web pages that, when visited by an authenticated user of the device's management interface, cause the victim's browser to unknowingly submit forged requests. These requests can perform unauthorized configuration changes or administrative actions with the victim's privileges, potentially compromising device security and network integrity. The vulnerability does not require the attacker to have any privileges or authentication, but it does require user interaction in the form of visiting a malicious webpage. The CVSS 4.0 base score is 5.1, reflecting medium severity, with attack vector network, low attack complexity, no privileges required, but user interaction needed. The vulnerability impacts the integrity and confidentiality of device configurations but does not affect availability. No patches or mitigations have been officially released yet, and no known exploits are currently in the wild. This vulnerability is classified under CWE-352, which covers CSRF issues where state-changing requests lack proper anti-CSRF tokens or validation mechanisms.

The primary impact of this vulnerability is unauthorized modification of device configurations and administrative settings, which can lead to compromised device integrity and potential exposure of sensitive network information. Attackers exploiting this vulnerability can manipulate network routing, firewall rules, or other critical settings, potentially enabling further network intrusion or data exfiltration. Since the device is likely used in network gateway or security roles, unauthorized changes could degrade network security posture or disrupt operations. The requirement for user interaction limits the attack scope but does not eliminate risk, especially in environments where users frequently access the management interface. Organizations relying on this device may face increased risk of targeted attacks aiming to leverage this vulnerability for lateral movement or persistent access within networks. The absence of patches increases exposure duration, and the lack of known exploits suggests the vulnerability is not yet widely weaponized but could be targeted in the future.

To mitigate this vulnerability, organizations should immediately restrict access to the SODOLA SL902-SWTGW124AS management interface to trusted networks and users only, ideally via VPN or secure management VLANs. Implement network-level controls such as IP whitelisting and firewall rules to limit management interface exposure. Educate users about the risks of visiting untrusted websites while authenticated to the device's management interface to reduce the likelihood of CSRF exploitation. Employ web browser security features like disabling third-party cookies or using browser extensions that block cross-site requests. Monitor device logs for unusual configuration changes or access patterns. Until an official patch is released, consider deploying web application firewalls (WAFs) or reverse proxies that can detect and block suspicious CSRF attempts. Regularly check for firmware updates from the vendor and apply patches promptly once available. Additionally, consider multi-factor authentication for device management access to reduce risk from compromised user sessions.