Description
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.
Published: 2026-02-24
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Session Hijacking
Action: Immediate Patch
AI Analysis

Impact

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. This predictable session ID generation (CWE‑330) allows an attacker to guess valid session IDs and hijack authenticated sessions, effectively gaining unauthorized administrative access to the switch and potentially compromising the entire network segment.

Affected Systems

Vendors: Binardat Ltd.; Product: 10G08-0800GSM Network Switch; Affected Firmware: all versions prior to V300SP10260209.

Risk and Exploitability

The flaw has a CVSS score of 9.3, indicating a severe impact, but the EPSS score is below 1%, suggesting that the likelihood of exploitation is currently low. The vulnerability is not listed in CISA’s KEV catalog. An attacker who can reach the device’s management interface over the network could exploit the flaw by simply guessing session identifiers. The attack does not require local access or privileged credentials, making it potentially reachable from a compromised host within the same subnet or, if exposed, remotely. Given the high severity combined with the possibility of remote exploitation, organizations should consider this a high‑priority risk.

Generated by OpenCVE AI on April 16, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the switch firmware to version V300SP10260209 or later to eliminate predictable session identifiers.
  • Limit remote access to the web management interface by permitting only trusted IP addresses or via a VPN tunnel.
  • Implement network segmentation and monitor for anomalous session usage to detect potential hijacking attempts.

Generated by OpenCVE AI on April 16, 2026 at 16:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Binardat 10g08-0800gsm
Binardat 10g08-0800gsm Firmware
CPEs cpe:2.3:h:binardat:10g08-0800gsm:-:*:*:*:*:*:*:*
cpe:2.3:o:binardat:10g08-0800gsm_firmware:*:*:*:*:*:*:*:*
Vendors & Products Binardat 10g08-0800gsm
Binardat 10g08-0800gsm Firmware

Wed, 25 Feb 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Binardat
Binardat 10g08-0800gsm Network Switch
Vendors & Products Binardat
Binardat 10g08-0800gsm Network Switch

Tue, 24 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
Description Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.
Title Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers
Weaknesses CWE-330
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Binardat 10g08-0800gsm 10g08-0800gsm Firmware 10g08-0800gsm Network Switch
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-02-27T18:58:38.289Z

Reserved: 2026-02-19T19:51:07.328Z

Link: CVE-2026-27515

cve-icon Vulnrichment

Updated: 2026-02-27T18:58:34.401Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-24T16:24:08.830

Modified: 2026-02-25T17:25:03.020

Link: CVE-2026-27515

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T16:30:15Z

Weaknesses