Description
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes.
Published: 2026-02-24
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized configuration changes via CSRF
Action: Patch
AI Analysis

Impact

Firmware V300SP10260209 and earlier for the Binardat 10G08-0800GSM switch lack protections against CSRF for state‑changing administrative actions. An attacker who can lure an authenticated administrator into visiting a malicious link can force the device to apply configuration changes. The weakness is classified as CWE‑352 and results in unauthorized modification of switch settings, which can affect availability and integrity of network traffic.

Affected Systems

The Binardat Ltd. 10G08-0800GSM Network Switch running firmware version V300SP10260209 or earlier is affected.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, while the EPSS score of less than 1% reflects a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to obtain administrator credentials or rely on social engineering to trick an authenticated administrator into executing a crafted request. Consequently, the risk is moderate, but the likelihood of widespread exploitation remains low unless a targeted threat actor focuses on the affected device.

Generated by OpenCVE AI on April 18, 2026 at 10:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the switch firmware to a version that implements CSRF protection.
  • Limit access to the administrative web interface to a secure VPN or isolated VLAN and restrict it to trusted administrators.
  • Train administrators to recognize and avoid clicking untrusted links while logged into the switch management console.



Advisories

No advisories yet.

History

Fri, 27 Feb 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 25 Feb 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Binardat 10g08-0800gsm; Binardat 10g08-0800gsm Firmware |
| CPEs | | cpe:2.3:h:binardat:10g08-0800gsm:-:*:*:*:*:*:*:*; cpe:2.3:o:binardat:10g08-0800gsm_firmware:*:*:*:*:*:*:*:* |
| Vendors & Products | | Binardat 10g08-0800gsm; Binardat 10g08-0800gsm Firmware |

Wed, 25 Feb 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Binardat; Binardat 10g08-0800gsm Network Switch |
| Vendors & Products | | Binardat; Binardat 10g08-0800gsm Network Switch |

Tue, 24 Feb 2026 15:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes. |
| Title | | Binardat 10G08-0800GSM Network Switch CSRF |
| Weaknesses | | CWE-352 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}; cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-02-27T16:27:58.158Z

Reserved: 2026-02-19T19:51:07.328Z

Link: CVE-2026-27518

Vulnrichment

Updated: 2026-02-27T16:27:52.863Z

NVD

Status: Analyzed

Published: 2026-02-24T16:24:09.407

Modified: 2026-02-25T17:13:33.390

Link: CVE-2026-27518

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T11:00:05Z

Weaknesses