CVE-2026-27519

7.5 HIGH

Authentication Bypass

📋 TL;DR

This vulnerability in Binardat 10G08-0800GSM network switches allows attackers to decrypt protected data due to the use of RC4 encryption with a hard-coded key embedded in client-side JavaScript. Anyone using firmware version V300SP10260209 or earlier is affected, potentially exposing sensitive network configuration and management data.

💻 Affected Systems

Products:

• Binardat 10G08-0800GSM network switch

Versions: V300SP10260209 and prior

Operating Systems: Embedded switch firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running affected firmware versions are vulnerable regardless of configuration.

📦 What is this software?

10g08 0800gsm Firmware by Binardat

View all CVEs affecting 10g08 0800gsm Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of encrypted configuration data, credentials, and management traffic, allowing attackers to reconfigure switches, intercept traffic, or disrupt network operations.

🟠

Likely Case

Exposure of sensitive configuration data and management credentials, potentially leading to unauthorized network access or configuration changes.

🟢

If Mitigated

Limited exposure if switches are isolated from untrusted networks and management interfaces are properly secured.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network access to the switch's management interface but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Binardat website for firmware updates
2. Download latest firmware if available
3. Upload firmware to switch via web interface
4. Reboot switch after update

🔧 Temporary Workarounds

Isolate management interface

all

Restrict access to switch management interface to trusted networks only

Copy

Configure ACLs to restrict management access

Disable web management

all

Use CLI management only if web interface not required

Copy

disable web-management via CLI

🧯 If You Can't Patch

• Segment switches on isolated management VLAN
• Implement network monitoring for unusual management traffic

🔍 How to Verify

Check if Vulnerable:

Copy

Check firmware version via web interface or CLI: show version

Check Version:

Copy

show version

Verify Fix Applied:

Copy

Verify firmware version is newer than V300SP10260209

📡 Detection & Monitoring

Log Indicators:

• Multiple failed decryption attempts
• Unusual management interface access patterns

Network Indicators:

• Unusual traffic to switch management ports
• RC4 encryption patterns in network traffic

SIEM Query:

Copy

source_ip=switch_management_interface AND (protocol=HTTP OR protocol=HTTPS) AND bytes_transferred>threshold

📊 Metadata

CVE ID: CVE-2026-27519

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-321

Published: February 24, 2026

Last Updated: February 25, 2026

🔗 References

• https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch Product
• https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-hard-coded-rc4-encryption-key Third Party Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-27519, you might also want to check these:

CVE-2024-30207 10.0

This vulnerability affects multiple SIMATIC RTLS Locating Manager products where communication betwe...

Same vulnerability type (CWE-321)

CVE-2025-34256 9.8

This vulnerability allows remote unauthenticated attackers to forge JWT tokens using a hard-coded cr...

Same vulnerability type (CWE-321)

CVE-2026-25894 9.8

An insecure default configuration in FUXA web-based SCADA/HMI software allows unauthenticated remote...

Same vulnerability type (CWE-321)