Vulnerability Details CVE-2026-27752
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.9%
CVSS Severity
CVSS v3 Score 5.9
References
Products affected by CVE-2026-27752
-
cpe:2.3:h:sodola-network:sl902-swtgw124as:-
-
cpe:2.3:o:sodola-network:sl902-swtgw124as_firmware:200.1.20