CVE-2026-27519 - Vulnerability Details

- Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key

Description

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections.

Published: 2026-02-24

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the firmware version V300SP10260209 and earlier of Binardat's 10G08‑0800GSM network switch. The device uses RC4 encryption with a hard‑coded key embedded in client‑side JavaScript. Because the key is static and exposed in the source code, an attacker who can access the management web interface or obtain the firmware image can retrieve the key and decrypt any values protected by RC4, thereby breaking confidentiality protections.

Affected Systems

The affected hardware is Binardat Ltd.'s 10G08‑0800GSM switch, which serves 8‑port 10‑gigabit SFP‑managed networking with L3 web management. Any unit running firmware V300SP10260209 or earlier is impacted. No other product versions were identified as vulnerable.

Risk and Exploitability

The CVSS base score of 8.7 reflects a high severity due to the potential for confidentiality loss without authentication, but the EPSS is less than 1%, indicating that exploitation is currently unlikely. The vulnerability is not listed in KEV, suggesting no widely known exploitation. An attacker could glean the key by downloading the page containing the JavaScript or by reverse‑engineering the firmware. The static nature of the key means the flaw remains even after multiple firmware releases until the key is removed or encryption hardened.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Binardat Ltd.

10G08-0800GSM Network Switch

unaffected

Version	Status	Constraints
`0`	affected	≤ V300SP10260209

Configuration 1 [-]

AND

cpe:2.3:o:binardat:10g08-0800gsm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:binardat:10g08-0800gsm:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Binardat

10g08-0800gsm Network Switch

100%

Version	Status	Scheme	Platform
`[0,V300SP10260209]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Obtain and install an updated firmware release that removes the hard‑coded RC4 key or replaces it with a stronger encryption mechanism.
If an upgrade is not immediately available, disable the management features that expose the vulnerable JavaScript code or block access to the affected pages.
Restrict management interface access to trusted networks, VPNs, or IP ranges to limit exposure to potential attackers.
Monitor network and device logs for anomalous access attempts and perform regular security reviews of the switch configuration.

Generated by OpenCVE AI on April 17, 2026 at 15:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00019.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch
https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-hard-coded-rc4-encryption-key

History

Sat, 28 Feb 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 25 Feb 2026 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Binardat 10g08-0800gsm Binardat 10g08-0800gsm Firmware
CPEs		cpe:2.3:h:binardat:10g08-0800gsm:-:::::::* cpe:2.3:o:binardat:10g08-0800gsm_firmware::::::::
Vendors & Products		Binardat 10g08-0800gsm Binardat 10g08-0800gsm Firmware

Wed, 25 Feb 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Binardat Binardat 10g08-0800gsm Network Switch
Vendors & Products		Binardat Binardat 10g08-0800gsm Network Switch

Tue, 24 Feb 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections.
Title		Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key
Weaknesses		CWE-321 CWE-327
References		https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-hard-coded-rc4-encryption-key
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Binardat 10g08-0800gsm 10g08-0800gsm Firmware 10g08-0800gsm Network Switch

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-02-24T15:07:10.410Z

Updated: 2026-02-27T16:27:19.626Z

Reserved: 2026-02-19T19:51:07.329Z

Link: CVE-2026-27519

Vulnrichment

Updated: 2026-02-27T16:26:24.534Z

NVD

Status : Analyzed

Published: 2026-02-24T16:24:09.607

Modified: 2026-02-25T17:25:22.070

Link: CVE-2026-27519

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T15:45:15Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object