10G08-0800GSM
by Binardat
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-27521 | 0.00 | — | 0.00 | Feb 24, 2026 | Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials. | |||
| CVE-2026-27520 | 0.00 | — | 0.00 | Feb 24, 2026 | Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password. | |||
| CVE-2026-27518 | 0.00 | — | 0.00 | Feb 24, 2026 | Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes. | |||
| CVE-2026-27517 | 0.00 | — | 0.00 | Feb 24, 2026 | Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user. | |||
| CVE-2026-27516 | 0.00 | — | 0.00 | Feb 24, 2026 | Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials. | |||
| CVE-2026-27515 | 0.00 | — | 0.00 | Feb 24, 2026 | Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions. | |||
| CVE-2026-27507 | 0.00 | — | 0.00 | Feb 24, 2026 | Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device. | |||
| CVE-2026-23678 | 0.00 | — | 0.00 | Feb 24, 2026 | Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device. |
- CVE-2026-27521Feb 24, 2026risk 0.00cvss —epss 0.00
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials.
- CVE-2026-27520Feb 24, 2026risk 0.00cvss —epss 0.00
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.
- CVE-2026-27518Feb 24, 2026risk 0.00cvss —epss 0.00
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes.
- CVE-2026-27517Feb 24, 2026risk 0.00cvss —epss 0.00
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user.
- CVE-2026-27516Feb 24, 2026risk 0.00cvss —epss 0.00
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.
- CVE-2026-27515Feb 24, 2026risk 0.00cvss —epss 0.00
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.
- CVE-2026-27507Feb 24, 2026risk 0.00cvss —epss 0.00
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device.
- CVE-2026-23678Feb 24, 2026risk 0.00cvss —epss 0.00
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device.