CVE-2026-27752
Received
Received - Intake
Cleartext Credential Transmission in SODOLA SL902 Gateway Enables Admin Access
Publication date: 2026-02-27
Last updated on: 2026-03-03
Assigner: VulnCheck
Description
Description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sodola-network | sl902-swtgw124as_firmware | to 200.1.20 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
