CVE-2026-27507

9.8 CRITICAL

📋 TL;DR

Binardat 10G08-0800GSM network switches contain hard-coded administrative credentials that cannot be changed, allowing attackers with knowledge of these credentials to gain full administrative access. This affects all devices running firmware version V300SP10260209 and prior. Network administrators using these switches are at risk of complete device compromise.

💻 Affected Systems

Products:
  • Binardat 10G08-0800GSM network switch
Versions: Firmware version V300SP10260209 and prior
Operating Systems: Embedded switch firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with affected firmware versions are vulnerable regardless of configuration. The hard-coded credentials are embedded in the firmware and cannot be changed by users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete network compromise: attackers gain administrative control over switches, enabling traffic interception, network segmentation bypass, denial of service, and lateral movement to connected systems.

🟠 Likely Case

Unauthorized administrative access leading to network configuration changes, traffic monitoring, and potential data exfiltration from connected systems.

🟢 If Mitigated

Limited impact if switches are isolated in secure network segments with strict access controls and monitoring, though credentials remain vulnerable to insider threats.

🌐 Internet-Facing: HIGH - If switches are exposed to the internet, attackers who know the hard-coded credentials can log in directly, with no other account or prior access required.
🏢 Internal Only: HIGH - Even internally, any user with network access can exploit these credentials if they reach the management interface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the hard-coded credentials and network access to the management interface. No special tools or skills needed beyond basic network knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Check Binardat website for firmware updates.
2. Download latest firmware if available.
3. Upload firmware to switch via web interface or CLI.
4. Reboot switch to apply update.

🔧 Temporary Workarounds

Network segmentation and access control

Isolate switch management interfaces to dedicated secure VLANs with strict firewall rules limiting access to authorized administrative IPs only.

Disable remote management

Disable web/SSH/Telnet management on all interfaces except dedicated management ports, and disable unused management protocols.

🧯 If You Can't Patch

  • Replace affected switches with different models that don't have hard-coded credentials
  • Implement network monitoring and intrusion detection specifically for unauthorized access attempts to switch management interfaces

🔍 How to Verify

Check if Vulnerable:

Check firmware version via switch web interface or CLI. If version is V300SP10260209 or earlier, device is vulnerable.

Check Version:

show version (CLI) or check System Information in web interface

Verify Fix Applied:

Verify firmware version has been updated beyond V300SP10260209. Attempt to change administrative credentials - if successful, fix is working.

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts followed by successful login with the hard-coded credentials
  • Configuration changes from unexpected IP addresses
  • Multiple administrative logins from unusual locations

Network Indicators:

  • Unauthorized access to switch management ports (TCP 22, 23, 80, 443)
  • Traffic patterns suggesting switch configuration changes

SIEM Query:

source="switch_logs" AND ((event_type="login_success" AND user="admin") OR (event_type="config_change" AND NOT src_ip IN [admin_ips]))
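
The log indicators above can also be checked outside a SIEM. The following is an added example, not vendor or advisory code: it reuses the field names from the query (event_type, user, src_ip), and it assumes a login_failure event type, a ts field in seconds, and a constructed admin allowlist and sample events. Unlike the query, it applies the allowlist to logins as well as to configuration changes.

```python
import ipaddress
from collections import defaultdict

# Assumption: hosts allowed to administer the switch (constructed value).
ADMIN_NETS = [ipaddress.ip_network("10.0.99.0/28")]
FAIL_WINDOW = 300  # seconds; failures this close to a success count as related

# Constructed sample events; "login_failure" and "ts" are assumed names.
SAMPLE_EVENTS = [
    {"ts": 1000, "event_type": "login_success", "user": "admin", "src_ip": "10.0.99.5"},
    {"ts": 1100, "event_type": "config_change", "user": "admin", "src_ip": "10.0.99.5"},
    {"ts": 2000, "event_type": "login_failure", "user": "admin", "src_ip": "192.168.40.17"},
    {"ts": 2030, "event_type": "login_failure", "user": "admin", "src_ip": "192.168.40.17"},
    {"ts": 2060, "event_type": "login_success", "user": "admin", "src_ip": "192.168.40.17"},
    {"ts": 2090, "event_type": "config_change", "user": "admin", "src_ip": "192.168.40.17"},
]

def is_admin_ip(ip):
    """True when ip falls inside one of the allowlisted admin networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETS)

def detect(events):
    """Return (ts, rule, src_ip) alerts for the log indicators listed above."""
    alerts = []
    recent_failures = defaultdict(list)  # src_ip -> timestamps of failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip, kind, ts = ev["src_ip"], ev["event_type"], ev["ts"]
        if kind == "login_failure":
            recent_failures[ip].append(ts)
        elif kind == "login_success":
            # Indicator 1: failed attempts followed by a success from the same source.
            fails = [t for t in recent_failures.pop(ip, []) if ts - t <= FAIL_WINDOW]
            if fails:
                alerts.append((ts, "fail_then_success", ip))
            # Indicator 3: administrative login from an unusual location.
            if not is_admin_ip(ip):
                alerts.append((ts, "admin_login_unexpected_ip", ip))
        elif kind == "config_change" and not is_admin_ip(ip):
            # Indicator 2: configuration change from an unexpected address.
            alerts.append((ts, "config_change_unexpected_ip", ip))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```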
