CVE-2026-27519
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2Description
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections.
Analysis
Binardat 10G08-0800GSM network switches version V300SP10260209 and earlier expose a hardcoded RC4 encryption key in client-side JavaScript, allowing unauthenticated remote attackers to decrypt sensitive configuration data and compromise network confidentiality. The static key weakness eliminates the intended cryptographic protection for protected values transmitted to and from the device.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Binardat 10G08-0800GSM switches in production and document firmware versions; restrict administrative access to these devices to trusted networks only. Within 7 days: Implement network segmentation to isolate affected switches from untrusted segments; disable remote management interfaces if not operationally critical; audit access logs for suspicious activity. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today