SODOLA SL902-SWTGW124AS Cleartext Credential Transmission Vulnerability
Vulnerability
A vulnerability exists in SODOLA SL902-SWTGW124AS firmware versions through 200.1.20, where authentication credentials are transmitted over unencrypted HTTP. This flaw allows attackers to intercept credentials and reuse them to gain administrative access to the gateway. The vulnerability arises from the lack of encryption in the transmission of sensitive information, leaving it exposed to interception by anyone monitoring the network traffic between the user and the device.
Impact
Exploitation of this vulnerability allows for the interception of authentication credentials, which can be reused to gain administrative access to the affected gateway.
Remediation
Users can upgrade to the latest firmware version to address this vulnerability. The firmware update for the SL902-SWTGW124AS model is available as a .bin file and should be applied using the device's web management interface. Instructions for the upgrade process are included with the firmware download.
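To check whether management sessions on a network still expose credentials in the way described above, the following Python function flags captured requests that carry credentials over plain HTTP, reporting only the field or header name and never the secret value. It is an added example, not code from the advisory or the vendor; the request path, host address, parameter names and the `tls` flag (supplied by whatever proxy or capture tool recorded the request) are assumptions, since the advisory does not describe the login request format.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumed secret-bearing parameter names; the advisory does not name the login fields.
SECRET_FIELDS = {"password", "passwd", "pwd", "pass"}

def audit_request(raw: bytes, tls: bool) -> list[str]:
    """Findings for one captured HTTP request. Secret values are never returned."""
    if tls:
        return []  # protected in transit
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return []  # not an HTTP request line
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    findings = []
    scheme = headers.get("authorization", "").partition(" ")[0]
    if scheme.lower() == "basic":
        findings.append(f"{method} {url.path}: Basic credentials sent in cleartext")
    # Credentials may sit in the query string or in a form-encoded body.
    params = parse_qsl(url.query, keep_blank_values=True)
    if headers.get("content-type", "").lower().startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    for key, _value in params:
        if key.lower() in SECRET_FIELDS:
            findings.append(f"{method} {url.path}: field {key!r} sent in cleartext")
    return findings

# Constructed sample requests (hypothetical paths, host and field names).
SAMPLES = [
    (b"POST /login.cgi HTTP/1.1\r\nHost: 192.0.2.1\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     b"username=admin&password=example-only", False),
    (b"GET /status HTTP/1.1\r\nHost: 192.0.2.1\r\n"
     b"Authorization: Basic ZXhhbXBsZTpleGFtcGxl\r\n\r\n", False),
    (b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n", False),
]

if __name__ == "__main__":
    for raw, tls in SAMPLES:
        for finding in audit_request(raw, tls):
            print(finding)
```

Any finding for the gateway's address means the credentials used in that session should be treated as exposed and rotated after the firmware upgrade.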
