CVE-2026-27752
Cleartext Credential Transmission in SODOLA SL902 Gateway Enables Admin Access
Publication date: 2026-02-27
Last updated on: 2026-03-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sodola-network | sl902-swtgw124as_firmware | to 200.1.20 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in SODOLA SL902-SWTGW124AS firmware versions through 200.1.20, where authentication credentials are transmitted over unencrypted HTTP.
This allows an attacker who can observe network traffic between a user and the device to intercept these credentials.
The attacker can then reuse the captured credentials to gain administrative access to the gateway.
How can this vulnerability impact me? :
An attacker intercepting authentication credentials can gain unauthorized administrative access to the affected gateway device.
This unauthorized access could lead to potential control over the device, compromising its security and possibly the network it is connected to.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know