Description
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.
Published: 2026-02-24
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Plaintext password disclosure
Action: Immediate Patch
AI Analysis

Impact

User passwords are exposed in cleartext within the network switch's administrative interface and HTTP responses. The exposed information allows an adversary to recover valid credentials, potentially compromising the switch's management and network security. The weakness falls under CWE‑201 (Information Exposure) and CWE‑317 (Cryptographic Issues).

Affected Systems

Binardat Ltd. 10G08‑0800GSM Network Switch, firmware versions V300SP10260209 and earlier.

Risk and Exploitability

The vulnerability carries a high CVSS score of 8.6, but the EPSS score is below 1%, indicating a low immediate exploitation probability, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, the likely attack vector is a remote attacker with access to the device’s administrative HTTP interface, which can retrieve the plaintext credentials without additional authentication.

Generated by OpenCVE AI on April 16, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update that removes plaintext password exposure (versions released after V300SP10260209).
  • Disable the HTTP administrative interface or enforce HTTPS and restrict administrative access to trusted IP addresses only.
  • Continuously monitor the network for unauthorized authentication attempts and ensure that no login credentials are transmitted in cleartext in logs or HTTP responses.

Generated by OpenCVE AI on April 16, 2026 at 16:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 02 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Thu, 26 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Binardat 10g08-0800gsm
Binardat 10g08-0800gsm Firmware
CPEs cpe:2.3:h:binardat:10g08-0800gsm:-:*:*:*:*:*:*:*
cpe:2.3:o:binardat:10g08-0800gsm_firmware:*:*:*:*:*:*:*:*
Vendors & Products Binardat 10g08-0800gsm
Binardat 10g08-0800gsm Firmware

Wed, 25 Feb 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Binardat
Binardat 10g08-0800gsm Network Switch
Vendors & Products Binardat
Binardat 10g08-0800gsm Network Switch

Tue, 24 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
Description Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.
Title Binardat 10G08-0800GSM Network Switch Plaintext Password Exposure
Weaknesses CWE-201
CWE-317
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Binardat 10g08-0800gsm 10g08-0800gsm Firmware 10g08-0800gsm Network Switch
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-02T14:49:41.502Z

Reserved: 2026-02-19T19:51:07.328Z

Link: CVE-2026-27516

cve-icon Vulnrichment

Updated: 2026-02-26T19:45:31.732Z

cve-icon NVD

Status : Modified

Published: 2026-02-24T16:24:09.030

Modified: 2026-03-02T15:16:36.977

Link: CVE-2026-27516

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T16:30:15Z

Weaknesses