CVE-2026-27752 is a vulnerability classified under CWE-319, indicating the cleartext transmission of sensitive information. The affected product is the SODOLA SL902-SWTGW124AS gateway device manufactured by Shenzhen Hongyavision Technology Co., Ltd. Firmware versions up to 200.1.20 transmit authentication credentials over unencrypted HTTP connections. This insecure communication channel allows any attacker positioned on the network path between a legitimate user and the device to intercept these credentials. Since the credentials are sent in cleartext, they can be captured using common network sniffing tools without requiring sophisticated techniques. Once obtained, the attacker can reuse the credentials to gain administrative access to the device, potentially allowing full control over the gateway. The vulnerability requires no user interaction and no prior authentication, making it highly exploitable. The CVSS v4.0 base score is 8.2 (high), reflecting the network attack vector, low attack complexity, and high impact on confidentiality. The vulnerability does not affect integrity or availability directly but compromises the device's administrative security. No patches or firmware updates have been released at the time of publication, and no known exploits have been observed in the wild. The device is typically used in network gateway roles, making it a critical point of control in affected environments.

The primary impact of this vulnerability is the compromise of administrative credentials, which can lead to unauthorized administrative access to the SODOLA SL902-SWTGW124AS gateway. This access can allow attackers to alter device configurations, intercept or redirect network traffic, disable security controls, or pivot to other internal systems. Organizations relying on this gateway for network security or traffic management face significant risks including data breaches, network downtime, and loss of control over critical infrastructure. The ease of exploitation and lack of required user interaction increase the likelihood of successful attacks, especially in environments where network traffic is not adequately segmented or encrypted. The vulnerability undermines confidentiality of credentials and can facilitate further attacks within the network. Given the device’s role, the impact extends beyond the device itself to potentially compromise entire network segments or connected systems.

1. Immediately isolate the affected SODOLA SL902-SWTGW124AS devices from untrusted or public networks to prevent attackers from intercepting traffic. 2. Implement network-level encryption such as VPN tunnels or IPsec to secure communications between users and the device until a firmware patch is available. 3. Use network segmentation and strict access controls to limit which hosts can communicate with the gateway device. 4. Monitor network traffic for signs of credential interception or unauthorized administrative access attempts, including unusual login times or source IP addresses. 5. Enforce strong, unique administrative passwords and consider multi-factor authentication if supported by the device. 6. Engage with the vendor for firmware updates or patches addressing this vulnerability and plan for prompt deployment once available. 7. If possible, replace or upgrade devices that cannot be secured or patched in a timely manner. 8. Educate network administrators about the risks of transmitting credentials in cleartext and the importance of encrypted management channels.