How to Fix CVE-2026-27755: SODOLA SL902-SWTGW124AS (Bundle Sibling)

By Sai Kiran Pandrala. Last verified: 2026-05-25.

CVE-2026-27755 is a sibling vulnerability in the same vendor advisory as CVE-2026-27751. Apply the same patched build and you close both. The technical detail below is what differs.

What's different about CVE-2026-27755?

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.

How to fix CVE-2026-27755

Apply the patched build per the primary write-up: How to Fix CVE-2026-27751. All commands, verification steps, and rollback notes for SODOLA SL902-SWTGW124AS are listed there.

Frequently asked questions

Does the CVE-2026-27751 patch close CVE-2026-27755?

Yes. Both CVEs are addressed by the same vendor patch. Applying the patched build closes the full bundle.

Is CVE-2026-27755 listed in CISA KEV?

No public KEV listing at the time of this writing.

Where is the official advisory?

See https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch

References

• Official vendor advisory: https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch
• NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27755
• CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• Primary: How to Fix CVE-2026-27751

*Written by Sai Kiran Pandrala. Part of the SODOLA SL902-SWTGW124AS bundle. Full procedure at how-to-fix-cve-2026-27751.*