📄 Description (English)
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
🤖 AI Executive Summary
SODOLA SL902-SWTGW124AS gateway firmware versions up to 200.1.20 transmit authentication credentials over unencrypted HTTP, enabling credential interception attacks. An attacker with network visibility can capture administrative credentials and gain unauthorized access to critical gateway infrastructure. This vulnerability affects industrial and enterprise network gateways commonly deployed in Saudi organizations, with no patch currently available.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 24, 2026 13:55
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi critical infrastructure sectors: (1) Energy sector (ARAMCO, regional utilities) — gateway compromise could disrupt SCADA/ICS networks; (2) Telecommunications (STC, Mobily, Zain) — credential theft enables unauthorized network access and potential service disruption; (3) Banking and Financial Services (SAMA-regulated institutions) — gateway access could facilitate lateral movement to payment systems; (4) Government agencies (NCA, NCSC oversight) — administrative access enables espionage and data exfiltration; (5) Healthcare institutions — network gateway compromise threatens patient data confidentiality. The lack of available patches creates prolonged exposure window for all affected organizations.
🏢 Affected Saudi Sectors
Energy (ARAMCO, utilities)
Telecommunications (STC, Mobily, Zain)
Banking and Financial Services
Government and Defense
Healthcare
Critical Infrastructure
Industrial Control Systems (ICS/SCADA)
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Inventory all SODOLA SL902-SWTGW124AS devices in your network and document firmware versions
2. Isolate affected gateways to network segments with restricted access and implement network segmentation
3. Change all administrative credentials immediately and enforce strong password policies (minimum 16 characters, complexity requirements)
4. Monitor for credential compromise indicators in authentication logs
Compensating Controls (until patch available):
5. Implement network-level encryption: Deploy VPN or IPsec tunnels for all traffic to/from affected gateways
6. Restrict administrative access: Implement IP whitelisting and require multi-factor authentication (MFA) for gateway access
7. Deploy network intrusion detection: Monitor for HTTP credential transmission patterns and suspicious authentication attempts
8. Implement SSL/TLS inspection at network perimeter to detect unencrypted credential transmission
9. Disable HTTP access entirely; enforce HTTPS-only communication where possible
10. Deploy honeypot credentials to detect unauthorized access attempts
Detection Rules:
- Alert on HTTP POST requests to gateway management interfaces containing 'password', 'credential', or 'auth' parameters
- Monitor for multiple failed authentication attempts followed by successful access
- Track all administrative login events with source IP logging
- Alert on gateway configuration changes outside maintenance windows
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. قم بحصر جميع أجهزة SODOLA SL902-SWTGW124AS في شبكتك وتوثيق إصدارات البرامج الثابتة
2. عزل البوابات المتأثرة إلى قطاعات شبكية محدودة الوصول وتطبيق تقسيم الشبكة
3. غيّر جميع بيانات اعتماد المسؤول فوراً وفرض سياسات كلمات مرور قوية (16 حرفاً على الأقل مع متطلبات التعقيد)
4. راقب مؤشرات اختراق بيانات الاعتماد في سجلات المصادقة
الضوابط التعويضية (حتى توفر التصحيح):
5. تطبيق التشفير على مستوى الشبكة: نشر شبكات VPN أو نفق IPsec لجميع حركة المرور إلى/من البوابات المتأثرة
6. تقييد الوصول الإداري: تطبيق القائمة البيضاء للعناوين وطلب المصادقة متعددة العوامل (MFA) للوصول إلى البوابة
7. نشر كشف الاختراق على مستوى الشبكة: مراقبة أنماط نقل بيانات اعتماد HTTP ومحاولات المصادقة المريبة
8. تطبيق فحص SSL/TLS على محيط الشبكة لكشف نقل بيانات الاعتماد غير المشفرة
9. تعطيل الوصول عبر HTTP بالكامل؛ فرض الاتصال عبر HTTPS فقط حيث أمكن
10. نشر بيانات اعتماد العسل لكشف محاولات الوصول غير المصرح به
قواعد الكشف:
- تنبيه على طلبات HTTP POST إلى واجهات إدارة البوابة تحتوي على معاملات 'password' أو 'credential' أو 'auth'
- مراقبة محاولات المصادقة الفاشلة المتعددة متبوعة بالوصول الناجح
- تتبع جميع أحداث تسجيل الدخول الإداري مع تسجيل عنوان IP المصدر
- تنبيه على تغييرات تكوين البوابة خارج نوافذ الصيانة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.9.2.1 — User access management and authentication controls
ECC 2024 A.10.1.1 — Cryptography and encryption of sensitive data in transit
ECC 2024 A.12.4.1 — Event logging and monitoring of security events
ECC 2024 A.13.1.1 — Network security and segregation
🔵 SAMA CSF
SAMA CSF ID.AM-2 — Asset management and inventory
SAMA CSF PR.AC-1 — Access control and authentication mechanisms
SAMA CSF PR.DS-2 — Data security and encryption in transit
SAMA CSF DE.AE-1 — Anomalies and events detection
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 — Authentication
ISO 27001:2022 A.8.24 — Cryptography
ISO 27001:2022 A.8.25 — Secure development and maintenance
ISO 27001:2022 A.8.32 — Change management
🟣 PCI DSS v4.0.1
PCI DSS 2.1 — Default security parameters
PCI DSS 4.1 — Encryption of cardholder data in transit
PCI DSS 6.2 — Security patches and updates
PCI DSS 8.2 — Strong authentication mechanisms
📦 Affected Products / CPE 1 entries
sodola-network:sl902-swtgw124as_firmware