Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)

Source -

CNA

BOS Name -

N/A

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
8Vulnerabilities found
CVE-2026-27758
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.1||MEDIUM
EPSS-Not Assigned
Published-27 Feb, 2026 | 18:11
Updated-27 Feb, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SODOLA SL902-SWTGW124AS <= 200.1.20 Missing CSRF Protections

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submitting forged requests. Attackers can craft malicious requests that execute unauthorized configuration or administrative actions with the victim's privileges when the authenticated user visits a malicious webpage.

Action-Not Available
Vendor-Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product-SODOLA SL902-SWTGW124AS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-27757
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-27 Feb, 2026 | 18:11
Updated-27 Feb, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SODOLA SL902-SWTGW124AS <= 200.1.20 Unverified Password Change

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.

Action-Not Available
Vendor-Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product-SODOLA SL902-SWTGW124AS
CWE ID-CWE-620
Unverified Password Change
CVE-2026-27756
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.1||MEDIUM
EPSS-Not Assigned
Published-27 Feb, 2026 | 18:10
Updated-27 Feb, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SODOLA SL902-SWTGW124AS <= 200.1.20 Reflected XSS in Management Interface

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.

Action-Not Available
Vendor-Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product-SODOLA SL902-SWTGW124AS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27755
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-27 Feb, 2026 | 18:09
Updated-27 Feb, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.

Action-Not Available
Vendor-Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product-SODOLA SL902-SWTGW124AS
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2026-27754
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-27 Feb, 2026 | 18:09
Updated-27 Feb, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SODOLA SL902-SWTGW124AS <= 200.1.20 MD5 Session Token Generation

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies and gain unauthorized access to the device.

Action-Not Available
Vendor-Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product-SODOLA SL902-SWTGW124AS
CWE ID-CWE-328
Use of Weak Hash
CVE-2026-27753
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-27 Feb, 2026 | 18:09
Updated-27 Feb, 2026 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SODOLA SL902-SWTGW124AS <= 200.1.20 Improper Login Rate Limiting

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate limiting restrictions to gain unauthorized access to the device management interface.

Action-Not Available
Vendor-Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product-SODOLA SL902-SWTGW124AS
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2026-27752
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.2||HIGH
EPSS-Not Assigned
Published-27 Feb, 2026 | 18:08
Updated-27 Feb, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SODOLA SL902-SWTGW124AS <= 200.1.20 Cleartext Credential Transmission

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.

Action-Not Available
Vendor-Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product-SODOLA SL902-SWTGW124AS
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-27751
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-27 Feb, 2026 | 18:07
Updated-27 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SODOLA SL902-SWTGW124AS <= 200.1.20 Use of Default Credentials

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.

Action-Not Available
Vendor-Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product-SODOLA SL902-SWTGW124AS
CWE ID-CWE-1392
Use of Default Credentials