CVE-2026-23678

High CVSS: 8.7

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device.

Vendor

Binardat

Product

10g08-0800gsm Firmware

CWE

CWE-78

Yayın Tarihi

2026-02-24 16:24:08

Güncelleme

2026-02-25 17:12:08

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 10g08-0800gsm Firmware HIGH Binardat 2026

Referanslar

https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-traceroute-cli-command-injection

Benzer Kayıtlar

Medium

CVE-2026-27521

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or accoun…

High

CVE-2026-27516

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext withi…

Medium

CVE-2026-27517

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the we…

Medium

CVE-2026-27518

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing…

High

CVE-2026-27519

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded i…

High

CVE-2026-27520

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side c…