CVE-2026-27515
CRITICALBinardat 10G08-0800GSM <V300SP10260209 - Auth Bypass
Title source: llmDescription
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.
References (2)
Core 2
Core References
Various Sources product
https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-predictable-session-identifiers
Scores
CVSS v3
9.1
EPSS
0.0032
EPSS Percentile
23.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-330
Status
published
Products (1)
binardat/10g08-0800gsm_firmware
< V300SP10260209
Published
Feb 24, 2026
Tracked Since
Feb 24, 2026