CVE-2026-27752
Received Received - Intake

Cleartext Credential Transmission in SODOLA SL902 Gateway Enables Admin Access

Vulnerability report for CVE-2026-27752, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-27

Last updated on: 2026-03-03

Assigner: VulnCheck

Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-27
Last Modified
2026-03-03
Generated
2026-07-06
AI Q&A
2026-02-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sodola-network sl902-swtgw124as_firmware to 200.1.20 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability exists in SODOLA SL902-SWTGW124AS firmware versions through 200.1.20, where authentication credentials are transmitted over unencrypted HTTP.

This allows an attacker who can observe network traffic between a user and the device to intercept these credentials.

The attacker can then reuse the captured credentials to gain administrative access to the gateway.

Impact Analysis

An attacker intercepting authentication credentials can gain unauthorized administrative access to the affected gateway device.

This unauthorized access could lead to potential control over the device, compromising its security and possibly the network it is connected to.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27752. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart