Description
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials.
Published: 2026-04-03
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Administrative Access
Action: Immediate Patch
AI Analysis

Impact

An attacker who can reach the switch's management interface presents the hardcoded string in place of valid credentials and is granted administrative access, giving unrestricted control of the switch. From there an adversary could alter port and VLAN configuration, mirror or redirect traffic to expose confidential data, change administrative accounts, or establish persistence, threatening the confidentiality, integrity, and availability of every segment the switch serves.
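
The weakness class behind this advisory, CWE-798, is easiest to see side by side. The following is an added illustration written for this page, not GarrettCom firmware or any code from the CVE record: the account store, the fixed override string and the function names are all hypothetical. The vulnerable routine accepts a fixed string in place of a credential; the hardened routine has no such path and compares only against the stored per-device hash.

```python
"""Added illustration of CWE-798 (hardcoded credential / bypass string).
Hypothetical code written for this page; it is NOT GarrettCom firmware."""
import hashlib
import hmac
import os

ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, the shape a device should store credentials in."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed per-device account store: username -> (salt, digest).
_SALT = os.urandom(16)
USERS = {"admin": (_SALT, _hash_password("correct horse battery staple", _SALT))}

# Hypothetical fixed string compiled into the login path. Any such constant
# is a credential that cannot be rotated or revoked per device.
_FACTORY_OVERRIDE = "EXAMPLE-BACKDOOR-STRING"


def login_vulnerable(username: str, secret: str) -> bool:
    """CWE-798: the fixed string unlocks any account, stored credential or not.
    'username' does not even need to exist for the bypass to succeed."""
    if secret == _FACTORY_OVERRIDE:  # the bypass: no lookup, no hash, no per-device secret
        return True
    entry = USERS.get(username)
    if entry is None:
        return False
    salt, digest = entry
    return hmac.compare_digest(_hash_password(secret, salt), digest)


def login_hardened(username: str, secret: str) -> bool:
    """No fixed-string path: the only way in is the stored per-device credential,
    compared in constant time."""
    entry = USERS.get(username)
    if entry is None:
        # Do the same work for unknown users so timing does not leak valid usernames.
        _hash_password(secret, b"\x00" * 16)
        return False
    salt, digest = entry
    return hmac.compare_digest(_hash_password(secret, salt), digest)


if __name__ == "__main__":
    print("vulnerable, unknown user + fixed string:", login_vulnerable("nobody", _FACTORY_OVERRIDE))
    print("hardened,   unknown user + fixed string:", login_hardened("nobody", _FACTORY_OVERRIDE))
    print("hardened,   admin + real password:      ", login_hardened("admin", "correct horse battery staple"))
```

When auditing firmware for this class, the tell-tale shape is an equality check between the submitted secret and a string literal that runs before any account lookup; a search for constant comparisons on the login path finds it.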

Affected Systems

Belden's GarrettCom Magnum 6K and 10K managed switches are affected. The CVE record lists no affected firmware versions, so every Magnum 6K and 10K running firmware that still contains the hardcoded string should be treated as vulnerable until Belden publishes a fixed version or an affected range. Note that the identifier carries a 2017 year although the record was only reserved and published in April 2026: the year in a CVE ID is either the reservation year or the year of public disclosure, so the 2017 indicates the issue was made public years before this record existed and exposed devices have been reachable for that long.

Risk and Exploitability

A CVSS v4.0 base score of 9.3 (9.8 under v3.1) indicates critical severity. EPSS puts the 30-day exploitation probability below 1% and the issue is not in the CISA KEV catalog, so no exploitation campaign is documented; the SSVC assessment nonetheless marks it Automatable with total technical impact. The CVSS vector (AV:N/AC:L/PR:N/UI:N) describes an attacker who reaches the switch's management interface over the network and needs neither credentials nor user interaction. A hardcoded string is a credential that cannot be rotated, so if it is published every unpatched device becomes exposed at once; the low EPSS should not be read as low urgency.

Generated by OpenCVE AI on April 4, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the GarrettCom product page for firmware updates that address the authentication bypass
  • If an update exists, flash the affected switches with the new firmware as soon as possible
  • If no update is available, disable the network-facing management interfaces or restrict them to a dedicated management subnet, enforced by ACLs on the upstream router or firewall rather than on the vulnerable switch alone
  • Segment management traffic from user and production VLANs so the management interface is unreachable from general-purpose hosts
  • Enforce strong, unique passwords for all administrative accounts as general hygiene, with the caveat that this does not mitigate the bypass: the hardcoded string sidesteps the credential check, so only firmware replacement or network isolation addresses the flaw
  • Monitor for management-interface sessions from outside the management subnet and audit the running configuration against a known-good baseline at regular intervals
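
Two of the interim actions above, restricting management access to a trusted subnet and watching for sessions that violate that restriction, can be checked with the same logic. The following is an added example for this page, not OpenCVE's or Belden's tooling: it runs over constructed flow records in an invented one-line format (the page names no GarrettCom log format), and the management IP, trusted subnet and port list are assumptions to be replaced with site values.

```python
"""Added example: find management-plane connections to the switch that come from
outside the trusted management subnet. Log format, addresses and ports are
constructed/assumed for this page; substitute your own."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

SWITCH_MGMT_IP = ipaddress.ip_address("10.20.0.5")          # assumed switch management address
TRUSTED_MGMT_NET = ipaddress.ip_network("10.20.100.0/24")   # assumed management subnet
# Ports typically exposed by embedded management interfaces (SSH, telnet, HTTP,
# HTTPS, SNMP). The page does not say which the Magnum exposes; treat as an assumption.
MGMT_PORTS = {22, 23, 80, 443, 161}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse a constructed record of the form '<ts> <src_ip> -> <dst_ip>:<dport>'."""
    ts, src, arrow, dst_port = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected record: {line!r}")
    dst, dport = dst_port.rsplit(":", 1)
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport))


def untrusted_mgmt_access(lines: Iterable[str]) -> List[Flow]:
    """Return flows that hit the switch's management ports from outside the
    trusted subnet: the sessions to investigate, and the traffic an upstream
    ACL should already be dropping."""
    hits = []
    for line in lines:
        f = parse_flow(line)
        if f.dst == SWITCH_MGMT_IP and f.dport in MGMT_PORTS and f.src not in TRUSTED_MGMT_NET:
            hits.append(f)
    return hits


# Constructed sample records (not real telemetry).
SAMPLE = [
    "2026-04-05T10:01:02Z 10.20.100.7 -> 10.20.0.5:443",  # admin host in mgmt subnet: expected
    "2026-04-05T10:03:40Z 192.168.44.9 -> 10.20.0.5:23",  # telnet from a user VLAN: flag
    "2026-04-05T10:04:11Z 192.168.44.9 -> 10.20.0.9:443", # some other host: not the switch
    "2026-04-05T10:05:55Z 172.16.8.30 -> 10.20.0.5:80",   # web UI from another segment: flag
    "2026-04-05T10:06:10Z 172.16.8.30 -> 10.20.0.5:9999", # non-management port: ignore here
]

if __name__ == "__main__":
    for f in untrusted_mgmt_access(SAMPLE):
        print(f"ALERT {f.ts} {f.src} -> {f.dst}:{f.dport} management access from untrusted source")
```

The check is deliberately independent of the switch's own logs: a device whose authentication can be bypassed cannot be trusted to record the sessions that bypassed it, so the evidence should come from a firewall, flow collector or span port upstream of it.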


Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Values added:
  First Time appeared: Belden; Belden garrettcom Magnum 6k And 10k Managed Switches
  Vendors & Products: Belden; Belden garrettcom Magnum 6k And 10k Managed Switches
Values removed: none

Mon, 06 Apr 2026 20:00:00 +0000

Values added:
  Metrics (ssvc): {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values removed: none


Fri, 03 Apr 2026 22:45:00 +0000

Values added:
  Description: GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials.
  Title: GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String
  Weaknesses: CWE-798
  References:
  Metrics (cvssV3_1): {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  Metrics (cvssV4_0): {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}
Values removed: none


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:06:07.651Z

Reserved: 2026-04-03T18:00:44.958Z

Link: CVE-2017-20234

Vulnrichment

Updated: 2026-04-06T18:05:39.085Z

NVD

Status : Awaiting Analysis

Published: 2026-04-03T23:17:00.087

Modified: 2026-04-07T13:20:55.200

Link: CVE-2017-20234

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T22:21:34Z

Weaknesses