TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2026-27515

CRITICAL
9.1

Beschreibung

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.

CVE Details

CVSS v3.1 Bewertung9.1
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/24/2026
Zuletzt geandert2/25/2026
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

binardat:10g08-0800gsmbinardat:10g08-0800gsm_firmware

Schwachen (CWE)

CWE-330

Referenzen

https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-predictable-session-identifiers(disclosure@vulncheck.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.