CVE-2026-27752

SODOLA SL902-SWTGW124AS <= 200.1.20 Cleartext Credential Transmission

Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.

INFO

Published Date :

2026-02-27T18:08:32.920Z

Last Modified :

2026-03-02T17:29:57.533Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2026-27752 vulnerability.

Vendors	Products
Shenzhen Hongyavision Technology Co	Sodola Sl902-swtgw124as
Sodola-network	Sl902-swtgw124as Sl902-swtgw124as Firmware
Sodolanetworks	Sodola Sl902-swtgw124as Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27752.

URL	Resource
https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch
https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-cleartext-credential-transmission

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact