10g08 0800gsm Firmware
CVE-2026-23678
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device.
AnalysisAI
Authenticated attackers can achieve remote code execution on Binardat 10G08-0800GSM network switches by injecting the %1a character into the traceroute hostname parameter on the web management interface, allowing arbitrary CLI command execution. The vulnerability affects firmware version V300SP10260209 and earlier, and currently has no available patch. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Authenticated access to Binardat 10G08-0800GSM web management interface; firmware version V300SP10260209 or prior; traceroute diagnostic feature must be accessible to authenticated users. Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 8.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker (requires authentication) could exploit this vulnerability to compromise the affected system. |
| Remediation | Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Binardat 10G08-0800GSM switches running V300SP10260209 or earlier and restrict web management access to trusted administrative networks only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in 10g08 0800gsm Firmware
View allHardcoded admin credentials in Binardat 10G08-0800GSM network switch firmware V300SP10260209 and prior. Known credential
Predictable session identifiers in Binardat 10G08-0800GSM network switch. Numeric session IDs are easily guessable, enab
10G08-0800Gsm Firmware is affected by improper restriction of excessive authentication attempts (CVSS 7.5).
Binardat 10G08-0800GSM network switches version V300SP10260209 and earlier expose a hardcoded RC4 encryption key in clie
Binardat 10G08-0800GSM network switch firmware versions before V300SP10260209 expose user credentials by storing passwor
Binardat 10G08-0800GSM network switch firmware prior to V300SP10260209 stores administrative credentials in plaintext wi
Stored cross-site scripting in Binardat 10G08-0800GSM network switch firmware through version V300SP10260209 enables att
Unauthorized configuration changes in Binardat 10G08-0800GSM network switches (firmware V300SP10260209 and prior) result
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today