
12 matches found

EUVD
added 2026/02/27 9:31 p.m. · 2 views

EUVD-2026-9045

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

CVSS 9.8 · AI score 5.9 · EPSS 0.00152
Exploits: 0 · References: 3
OSV
added 2026/02/27 7:16 p.m. · 1 view

CVE-2026-27755

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2
NVD
added 2026/02/27 7:16 p.m. · 2 views

CVE-2026-27755

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

CVSS 9.8 · EPSS 0.00152
Exploits: 0 · References: 2
Positive Technologies
added 2026/02/27 12:0 a.m. · 2 views

PT-2026-22373

Name of the Vulnerable Software and Affected Versions: SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 Description: The firmware contains a weakness in how session identifiers are created. This allows attackers to create valid session identifiers without logging in, potentially gaining...

CVSS 9.8 · AI score 5.9 · EPSS 0.00152
Exploits: 0 · References: 8
Vulnrichment
added 2026/01/06 3:52 p.m. · 3 views

CVE-2020-36925 Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

CVSS 9.8 · AI score 6.3 · EPSS 0.00373
Exploits: 1 · References: 8
CVE
added 2026/01/06 3:52 p.m. · 12 views

CVE-2020-36925

CVE-2020-36925 affects the Arteco Web Client DVR/NVR. The issue is a session hijacking vulnerability caused by insufficient session ID complexity, enabling attackers to brute‑force session IDs within a numeric range to bypass authentication and gain access to live camera streams. The available do...

CVSS 9.8 · AI score 6.3 · EPSS 0.00373
Exploits: 1 · References: 8
Cvelist
added 2025/11/12 12:0 a.m. · 6 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

EPSS 0.00105
Exploits: 1 · References: 1
Positive Technologies
added 2023/03/31 12:0 a.m. · 2 views

PT-2023-22013 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.16.1 Description: An issue was discovered in LemonLDAP::NG that allows attackers to bypass 2FA verification due to weak session ID generation in the AuthBasic handler and incorrect failure handling during a...

CVSS 9.8 · AI score 9.4 · EPSS 0.00075
Exploits: 1 · References: 19
OSV
added 2020/02/06 4:15 p.m. · 1 view

DEBIAN-CVE-2014-2875

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID...

CVSS 6.1 · AI score 6.5 · EPSS 0.00573
Exploits: 0 · References: 1
CNVD
added 2015/06/17 12:0 a.m. · 4 views

Multiple Alcatel-Lucent OmniSwitch Products Session Hijacking Vulnerability

The Alcatel-Lucent OmniSwitch 6450 is a switch product developed by Alcatel-Lucent of France. Several Alcatel-Lucent OmniSwitch products generate weak session identifiers in the web management interface, allowing remote attackers to hijack sessions via brute force attacks...

CVSS 4.3 · AI score 7 · EPSS 0.00544
Exploits: 3 · References: 1
NVD
added 2015/06/16 4:59 p.m. · 12 views

CVE-2015-2804

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack...

CVSS 4.3 · AI score 6.8 · EPSS 0.00544
Exploits: 3 · References: 5
CVE
added 2015/06/16 4:0 p.m. · 45 views

CVE-2015-2804

CVE-2015-2804 affects Alcatel-Lucent OmniSwitch models (6450, 6250, 6850E, 9000E, 6400, 6855) with AOS firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02. The vulnerability is weak session identifier generation in the management web interface, enabling remote session hijacking via brut...

CVSS 4.3 · AI score 7 · EPSS 0.00544
Exploits: 3 · References: 5 · Affected Software: 1