Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

10g08-0800gsm

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

9
Related CVEsRelated VendorsRelated AssignersReports
9Vulnerabilities found
CVE-2026-27521
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.41%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 15:08
Updated-26 Feb, 2026 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch Missing Login Rate Limiting

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials.

Action-Not Available
Vendor-binardatBinardat Ltd.
Product-10g08-0800gsm_firmware10g08-0800gsm10G08-0800GSM Network Switch
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2026-27520
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.02% / 5.34%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 15:07
Updated-26 Feb, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.

Action-Not Available
Vendor-binardatBinardat Ltd.
Product-10g08-0800gsm_firmware10g08-0800gsm10G08-0800GSM Network Switch
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2026-27519
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.02% / 5.51%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 15:07
Updated-27 Feb, 2026 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections.

Action-Not Available
Vendor-binardatBinardat Ltd.
Product-10g08-0800gsm_firmware10g08-0800gsm10G08-0800GSM Network Switch
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2026-27518
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 2.57%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 15:06
Updated-27 Feb, 2026 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch CSRF

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes.

Action-Not Available
Vendor-binardatBinardat Ltd.
Product-10g08-0800gsm_firmware10g08-0800gsm10G08-0800GSM Network Switch
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-27517
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 15:06
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch XSS

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user.

Action-Not Available
Vendor-binardatBinardat Ltd.
Product-10g08-0800gsm_firmware10g08-0800gsm10G08-0800GSM Network Switch
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27516
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.02% / 5.30%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 15:05
Updated-26 Feb, 2026 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch Plaintext Password Exposure

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.

Action-Not Available
Vendor-binardatBinardat Ltd.
Product-10g08-0800gsm_firmware10g08-0800gsm10G08-0800GSM Network Switch
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CWE ID-CWE-317
Cleartext Storage of Sensitive Information in GUI
CVE-2026-27515
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 8.60%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 15:04
Updated-27 Feb, 2026 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.

Action-Not Available
Vendor-binardatBinardat Ltd.
Product-10g08-0800gsm_firmware10g08-0800gsm10G08-0800GSM Network Switch
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2026-27507
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 12.44%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 15:04
Updated-27 Feb, 2026 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch Hard-coded Credentials

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device.

Action-Not Available
Vendor-binardatBinardat Ltd.
Product-10g08-0800gsm_firmware10g08-0800gsm10G08-0800GSM Network Switch
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-23678
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.24% / 47.54%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 15:03
Updated-27 Feb, 2026 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch Traceroute CLI Command Injection

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device.

Action-Not Available
Vendor-binardatBinardat Ltd.
Product-10g08-0800gsm_firmware10g08-0800gsm10G08-0800GSM Network Switch
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')