Unrated severityNVD Advisory· Published Feb 27, 2026· Updated Mar 2, 2026

SODOLA SL902-SWTGW124AS <= 200.1.20 Cleartext Credential Transmission

CVE-2026-27752

Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.

Affected products

SODOLA/SL902-SWTGW124ASllm-fuzzy
Range: <=200.1.20
Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)/SODOLA SL902-SWTGW124ASv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vulncheck.com/advisories/sodola-sl902-swtgw124as-cleartext-credential-transmissionmitrethird-party-advisory
www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switchmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000