Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.2
SODOLA SL902 Gateway: Unencrypted Password Transmission Exposes Credentials
CVE-2026-27752
Summary
SODOLA SL902 gateways with outdated firmware transmit passwords in plain text over the internet, allowing hackers to intercept and reuse them to gain control of the device. This means that if you use these gateways, your passwords could be stolen and used against you. Update to the latest firmware version to fix this and keep your passwords secure.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| sodola-network | sl902-swtgw124as_firmware | <= 200.1.20 | – |
Original title
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe ne...
Original description
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
nvd CVSS3.1
5.9
nvd CVSS4.0
8.2
Vulnerability type
CWE-319
Cleartext Transmission of Sensitive Information
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026