CVE-2026-27515 | THREATINT

Description

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.

PUBLISHED Reserved 2026-02-19 | Published 2026-02-24 | Updated 2026-02-24 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-330 Use of Insufficiently Random Values

Product status

Default status

unaffected

Any version before V300SP10260209

affected

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. finder

References

www.binardat.com/...al-fanless-fiber-binardat-network-switch product

www.vulncheck.com/...-switch-predictable-session-identifiers third-party-advisory

cve.org (CVE-2026-27515)

nvd.nist.gov (CVE-2026-27515)

Download JSON