CVE-2026-27515

CRITICAL

Binardat 10G08-0800GSM <V300SP10260209 - Auth Bypass

Title source: llm

Description

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.

References (2)

[Various Sources] https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch

[Third Party Advisory] https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-predictable-session-identifiers

Scores

CVSS v3 9.1

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-330

Status published

Products (1)

binardat/10g08-0800gsm_firmware < V300SP10260209

Published Feb 24, 2026

Tracked Since Feb 24, 2026