HIGHCVE-2026-27752Published Modified CNA VulnCheck
CVE-2026-27752: SODOLA SL902-SWTGW124AS <= 200.1.20 Cleartext Credential Transmission
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
Metrics
- CVSS v4.0
- 8.2
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) / SODOLA SL902-SWTGW124AS≤ 200.1.20
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NReferences