10G08-0800GSM Firmware
10G08-0800GSM firmware is affected by improper restriction of excessive authentication attempts (CVSS 7.5).
Binardat 10G08-0800GSM network switch firmware versions before V300SP10260209 expose user credentials by storing passwords as reversible Base64-encoded values in web interface cookies, allowing unauthenticated attackers with cookie access to recover plaintext passwords. This high-severity vulnerability affects confidentiality of administrative credentials with no available patch, creating significant risk for network infrastructure compromise.
Binardat 10G08-0800GSM network switches version V300SP10260209 and earlier expose a hardcoded RC4 encryption key in client-side JavaScript, allowing unauthenticated remote attackers to decrypt sensitive configuration data and compromise network confidentiality. The static key weakness eliminates the intended cryptographic protection for protected values transmitted to and from the device.
Unauthorized configuration changes in Binardat 10G08-0800GSM network switches (firmware V300SP10260209 and prior) result from missing CSRF protections in the administrative interface. An attacker can craft a malicious request to trick an authenticated administrator into modifying switch settings without their knowledge or consent. No patch is currently available for this vulnerability.
Stored cross-site scripting in Binardat 10G08-0800GSM network switch firmware through version V300SP10260209 enables attackers to execute arbitrary JavaScript within authenticated user sessions via the web interface. An attacker with network access can inject malicious scripts that execute in the context of legitimate users, potentially leading to session hijacking, credential theft, or unauthorized configuration changes. No patch is currently available.
Binardat 10G08-0800GSM network switch firmware prior to V300SP10260209 stores administrative credentials in plaintext within the web interface and HTTP responses, enabling unauthenticated attackers to extract valid user passwords. This information disclosure vulnerability affects network administrators and can lead to unauthorized access to critical network infrastructure. No patch is currently available.
Predictable session identifiers in Binardat 10G08-0800GSM network switch. Numeric session IDs are easily guessable, enabling session hijacking.
Hardcoded admin credentials in Binardat 10G08-0800GSM network switch firmware V300SP10260209 and prior. Known credentials provide full administrative access.
Authenticated attackers can achieve remote code execution on Binardat 10G08-0800GSM network switches by injecting the %1a character into the traceroute hostname parameter on the web management interface, allowing arbitrary CLI command execution. The vulnerability affects firmware version V300SP10260209 and earlier, and currently has no available patch. This requires valid web interface credentials but poses significant risk due to its high severity rating and network-accessible attack vector.