CVE-2026-27516
Received Received - Intake

Plaintext Password Exposure in Binardat 10G08-0800GSM Switch Firmware

Vulnerability report for CVE-2026-27516, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-24

Last updated on: 2026-03-02

Assigner: VulnCheck

Description

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-24
Last Modified
2026-03-02
Generated
2026-07-06
AI Q&A
2026-02-24
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
binardat 10g08-0800gsm_firmware to V300SP10260209 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-317 The product stores sensitive information in cleartext within the GUI.
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-27516 affects the Binardat 10G08-0800GSM network switch, specifically firmware versions V300SP10260209 and earlier.

The vulnerability involves the exposure of user passwords in plaintext within the administrative interface and HTTP responses.

This flaw allows attackers to recover valid credentials without encryption or protection, making it easier for unauthorized users to gain access.

It is classified under CWE-201 (Insertion of Sensitive Information Into Sent Data) and CWE-317 (Cleartext Storage of Sensitive Information in GUI).

Impact Analysis

This vulnerability poses significant risks as it enables unauthorized access to administrative credentials.

Attackers can exploit the plaintext password exposure to compromise the network switch and associated infrastructure.

The impact includes high confidentiality and integrity loss, potentially allowing attackers to control or disrupt network operations.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by inspecting the administrative interface and HTTP responses of the Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior for plaintext user passwords.'}, {'type': 'paragraph', 'content': 'Commands or methods to detect this issue would involve capturing HTTP traffic to the switch and searching for plaintext passwords in the responses.'}, {'type': 'list_item', 'content': 'Use a network packet capture tool such as tcpdump or Wireshark to capture HTTP traffic to and from the switch.'}, {'type': 'list_item', 'content': "Example tcpdump command: tcpdump -i <interface> -A -s 0 'tcp port 80 and host <switch_ip>'"}, {'type': 'list_item', 'content': 'Inspect the captured HTTP responses for any plaintext password strings or credentials.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the administrative interface of the Binardat 10G08-0800GSM network switch to trusted networks only.

Additionally, monitor and limit HTTP access to the device, and consider disabling HTTP access if possible.

Since the vulnerability exposes plaintext passwords, changing all administrative passwords after applying any available firmware updates or patches is critical.

Contact the vendor or check for firmware updates that address this vulnerability and apply them as soon as they become available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27516. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart