CVE-2026-27517
Cross-Site Scripting in Binardat 10G08-0800GSM Switch Firmware
Publication date: 2026-02-24
Last updated on: 2026-03-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| binardat | 10g08-0800gsm_firmware | to V300SP10260209 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-27517 is a medium-severity Cross-Site Scripting (XSS) vulnerability affecting the Binardat 10G08-0800GSM Network Switch firmware versions V300SP10260209 and earlier.'}, {'type': 'paragraph', 'content': "The vulnerability occurs because the device's web interface improperly neutralizes user input, reflecting unsanitized input back to the user. This allows an attacker to inject and execute arbitrary JavaScript code within the context of an authenticated user."}] [1]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "An attacker exploiting this vulnerability can execute arbitrary JavaScript code in the context of an authenticated user on the network switch's web interface."}, {'type': 'paragraph', 'content': 'This could lead to unauthorized actions being performed on the device management interface, potentially compromising the security of the network switch.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability is a Cross-Site Scripting (XSS) issue in the web interface of the Binardat 10G08-0800GSM network switch firmware versions V300SP10260209 and earlier. Detection involves verifying if the web interface improperly reflects unsanitized user input.'}, {'type': 'paragraph', 'content': "To detect the vulnerability, you can attempt to inject simple JavaScript payloads into input fields of the device's web interface while authenticated and observe if the input is reflected and executed."}, {'type': 'paragraph', 'content': "Example commands or steps might include using tools like curl or a web browser's developer console to submit payloads such as <script>alert(1)</script> in form fields or URL parameters and checking for script execution."}, {'type': 'paragraph', 'content': 'However, no specific detection commands or scripts are provided in the available resources.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Users of the affected Binardat 10G08-0800GSM firmware versions V300SP10260209 and earlier should prioritize remediation to prevent exploitation.'}, {'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the device's web management interface to trusted users only, ensuring strong authentication controls, and avoiding use of vulnerable firmware versions."}, {'type': 'paragraph', 'content': 'Since the vulnerability allows script injection in the context of an authenticated user, limiting user privileges and monitoring for suspicious activity can also help reduce risk.'}, {'type': 'paragraph', 'content': 'Upgrading the firmware to a version that addresses this vulnerability, if available, is recommended as a definitive fix.'}] [1]