CVE-2026-23678
Received Received - Intake
Command Injection in Binardat 10G08-0800GSM Switch Firmware

Publication date: 2026-02-24

Last updated on: 2026-02-25

Assigner: VulnCheck

Description
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23678
EUVD
EUVD-2026-8528
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
binardat 10g08-0800gsm_firmware to V300SP10260209 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-23678 is a command injection vulnerability found in the Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and earlier.'}, {'type': 'paragraph', 'content': "The vulnerability exists in the traceroute diagnostic function of the device's web management interface."}, {'type': 'paragraph', 'content': 'An authenticated attacker who has access to the web interface can exploit this flaw by injecting the ASCII control character %1a into the hostname parameter.'}, {'type': 'paragraph', 'content': 'This injection allows the attacker to execute arbitrary command-line interface (CLI) commands on the device, potentially gaining unauthorized control.'}] [2]

Impact Analysis

This vulnerability can have a severe impact as it allows an authenticated attacker to execute arbitrary commands on the affected network switch.

Such unauthorized command execution can compromise the confidentiality, integrity, and availability of the device and the network it manages.

Potential impacts include unauthorized control over network traffic, disruption of network services, and exposure of sensitive network configuration or data.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by testing the traceroute diagnostic function of the Binardat 10G08-0800GSM network switch web management interface for command injection via the hostname parameter.

Specifically, an authenticated user can attempt to inject the ASCII control character %1a into the hostname parameter in the traceroute function to see if arbitrary CLI commands can be executed.

Since the vulnerability requires authentication, detection commands or tests should be performed by logging into the web interface and using the traceroute diagnostic tool with crafted inputs.

No specific command-line commands are provided in the available resources, but testing the traceroute hostname input with payloads containing %1a or similar control characters is the suggested approach.

Mitigation Strategies

Immediate mitigation steps include restricting access to the web management interface to trusted and authenticated users only, as exploitation requires authentication.

Monitor and limit user privileges on the device to reduce the risk of command injection exploitation.

Check for and apply any available firmware updates from Binardat that address this vulnerability, as the issue affects firmware version V300SP10260209 and prior.

If a patch is not yet available, consider disabling or restricting the traceroute diagnostic function on the web interface if possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23678. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart