CVE-2026-27756
Last modified
CVE-2026-27756 is a medium-severity vulnerability rated 5.1/10 on the CVSS scale. SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.. EPSS estimates a 0.15% chance of exploitation in the next 30 days.
Description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sodola-Network | Sl902-Swtgw124as Firmware | <= 200.1.20 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-27756?
How severe is CVE-2026-27756?
How do I fix CVE-2026-27756?
Are you affected by CVE-2026-27756?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST