CVE-2026-27516
Received Received - Intake
Plaintext Password Exposure in Binardat 10G08-0800GSM Switch Firmware

Publication date: 2026-02-24

Last updated on: 2026-03-02

Assigner: VulnCheck

Description
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-03-02
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27516
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
binardat 10g08-0800gsm_firmware to V300SP10260209 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
CWE-317 The product stores sensitive information in cleartext within the GUI.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27516 affects the Binardat 10G08-0800GSM network switch, specifically firmware versions V300SP10260209 and earlier.

The vulnerability involves the exposure of user passwords in plaintext within the administrative interface and HTTP responses.

This flaw allows attackers to recover valid credentials without encryption or protection, making it easier for unauthorized users to gain access.

It is classified under CWE-201 (Insertion of Sensitive Information Into Sent Data) and CWE-317 (Cleartext Storage of Sensitive Information in GUI).

Impact Analysis

This vulnerability poses significant risks as it enables unauthorized access to administrative credentials.

Attackers can exploit the plaintext password exposure to compromise the network switch and associated infrastructure.

The impact includes high confidentiality and integrity loss, potentially allowing attackers to control or disrupt network operations.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by inspecting the administrative interface and HTTP responses of the Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior for plaintext user passwords.'}, {'type': 'paragraph', 'content': 'Commands or methods to detect this issue would involve capturing HTTP traffic to the switch and searching for plaintext passwords in the responses.'}, {'type': 'list_item', 'content': 'Use a network packet capture tool such as tcpdump or Wireshark to capture HTTP traffic to and from the switch.'}, {'type': 'list_item', 'content': "Example tcpdump command: tcpdump -i <interface> -A -s 0 'tcp port 80 and host <switch_ip>'"}, {'type': 'list_item', 'content': 'Inspect the captured HTTP responses for any plaintext password strings or credentials.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the administrative interface of the Binardat 10G08-0800GSM network switch to trusted networks only.

Additionally, monitor and limit HTTP access to the device, and consider disabling HTTP access if possible.

Since the vulnerability exposes plaintext passwords, changing all administrative passwords after applying any available firmware updates or patches is critical.

Contact the vendor or check for firmware updates that address this vulnerability and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27516. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart