CVE-2026-27516

7.5 HIGH

📋 TL;DR

Binardat 10G08-0800GSM network switches expose administrative passwords in plaintext within the web interface and HTTP responses, allowing attackers to recover valid credentials. This affects firmware version V300SP10260209 and prior. Network administrators using these switches are at risk of unauthorized access.

💻 Affected Systems

Products:

• Binardat 10G08-0800GSM network switch

Versions: V300SP10260209 and prior

Operating Systems: Embedded switch firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations using affected firmware versions are vulnerable as the plaintext exposure occurs in standard HTTP responses.

📦 What is this software?

10g08 0800gsm Firmware by Binardat

View all CVEs affecting 10g08 0800gsm Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full network compromise where attackers gain administrative access to switches, enabling network traffic interception, configuration changes, and lateral movement to other systems.

🟠

Likely Case

Unauthorized administrative access to network switches leading to configuration tampering, service disruption, and potential credential reuse attacks.

🟢

If Mitigated

Limited impact if switches are isolated in management VLANs with strict access controls, though credential exposure remains a concern.

🌐 Internet-Facing: HIGH if administrative interface is exposed to internet, as plaintext passwords can be easily harvested.

🏢 Internal Only: MEDIUM as internal attackers or compromised systems could still harvest credentials from HTTP responses.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires access to administrative interface or ability to intercept HTTP responses, but plaintext password recovery is trivial once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check vendor website for firmware updates. If available, download latest firmware and follow vendor's upgrade procedure for Binardat 10G08-0800GSM switches.

🔧 Temporary Workarounds

Restrict administrative interface access

all

Limit access to switch administrative interface to trusted management networks only

Implement network segmentation

all

Place switches in dedicated management VLAN with strict firewall rules

🧯 If You Can't Patch

• Change all administrative passwords immediately and monitor for unauthorized access
• Implement network monitoring for unusual access patterns to switch management interfaces

🔍 How to Verify

Check if Vulnerable:

Copy

Access switch web interface, inspect HTTP responses or page source for plaintext password fields during authentication processes

Check Version:

Copy

Check firmware version in switch web interface under System Information or via CLI: 'show version'

Verify Fix Applied:

Copy

After firmware update, verify passwords are no longer visible in plaintext in HTTP responses or page source

📡 Detection & Monitoring

Log Indicators:

• Multiple failed login attempts followed by successful login from unusual IP
• Configuration changes from unauthorized sources

Network Indicators:

• Unusual HTTP traffic to switch management interface
• Traffic patterns suggesting credential harvesting

SIEM Query:

Copy

source_ip=switch_management_interface AND (event_type=authentication_success OR event_type=configuration_change)

📊 Metadata

CVE ID: CVE-2026-27516

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-201

Published: February 24, 2026

Last Updated: March 2, 2026

🔗 References

• https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch Product
• https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-plaintext-password-exposure Third Party Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-27516, you might also want to check these:

CVE-2020-27127 9.9

This critical vulnerability in Cisco Jabber allows attackers to execute arbitrary code with elevated...

Same vulnerability type (CWE-201)

CVE-2020-27133 9.9

CVE-2020-27133 is a critical vulnerability in Cisco Jabber that allows attackers to execute arbitrar...

Same vulnerability type (CWE-201)

CVE-2020-26085 9.9

This critical vulnerability in Cisco Jabber allows attackers to execute arbitrary programs with elev...

Same vulnerability type (CWE-201)