Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Binardat Switch Web Interface Allows Hacker Access
CVE-2026-23678
Summary
An attacker who logs in to the web interface of affected Binardat switches can execute commands on the device by injecting a specific character into a field. This allows the attacker to potentially take control of the switch. Update the firmware to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| binardat | 10g08-0800gsm_firmware | <= V300SP10260209 | – |
Original title
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management...
Original description
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device.
nvd CVSS3.1
8.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-78
OS Command Injection
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026