CVE-2026-27517
Received Received - Intake
Cross-Site Scripting in Binardat 10G08-0800GSM Switch Firmware

Publication date: 2026-02-24

Last updated on: 2026-03-02

Assigner: VulnCheck

Description
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-03-02
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-14
NVD
CVE-2026-27517
EUVD
EUVD-2026-8530
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
binardat 10g08-0800gsm_firmware to V300SP10260209 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-27517 is a medium-severity Cross-Site Scripting (XSS) vulnerability affecting the Binardat 10G08-0800GSM Network Switch firmware versions V300SP10260209 and earlier.'}, {'type': 'paragraph', 'content': "The vulnerability occurs because the device's web interface improperly neutralizes user input, reflecting unsanitized input back to the user. This allows an attacker to inject and execute arbitrary JavaScript code within the context of an authenticated user."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "An attacker exploiting this vulnerability can execute arbitrary JavaScript code in the context of an authenticated user on the network switch's web interface."}, {'type': 'paragraph', 'content': 'This could lead to unauthorized actions being performed on the device management interface, potentially compromising the security of the network switch.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is a Cross-Site Scripting (XSS) issue in the web interface of the Binardat 10G08-0800GSM network switch firmware versions V300SP10260209 and earlier. Detection involves verifying if the web interface improperly reflects unsanitized user input.'}, {'type': 'paragraph', 'content': "To detect the vulnerability, you can attempt to inject simple JavaScript payloads into input fields of the device's web interface while authenticated and observe if the input is reflected and executed."}, {'type': 'paragraph', 'content': "Example commands or steps might include using tools like curl or a web browser's developer console to submit payloads such as <script>alert(1)</script> in form fields or URL parameters and checking for script execution."}, {'type': 'paragraph', 'content': 'However, no specific detection commands or scripts are provided in the available resources.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Users of the affected Binardat 10G08-0800GSM firmware versions V300SP10260209 and earlier should prioritize remediation to prevent exploitation.'}, {'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the device's web management interface to trusted users only, ensuring strong authentication controls, and avoiding use of vulnerable firmware versions."}, {'type': 'paragraph', 'content': 'Since the vulnerability allows script injection in the context of an authenticated user, limiting user privileges and monitoring for suspicious activity can also help reduce risk.'}, {'type': 'paragraph', 'content': 'Upgrading the firmware to a version that addresses this vulnerability, if available, is recommended as a definitive fix.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27517. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart