CVE-2026-27752

MEDIUM

SODOLA SL902-SWTGW124AS <200.1.20 - Info Disclosure

Title source: llm

Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.

References (2)

[Various Sources] https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch

[Third Party Advisory] https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-cleartext-credential-transmission

Scores

CVSS v3 5.9

EPSS 0.0002

EPSS Percentile 3.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (1)

sodola-network/sl902-swtgw124as_firmware < 200.1.20

Published Feb 27, 2026

Tracked Since Feb 28, 2026