CVE-2026-27515

EPSS 0.04%
Veröffentlicht 24.02.2026 15:04:41
Zuletzt bearbeitet 25.02.2026 17:25:03
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Binardat ≫ 10g08-0800gsm Firmware Version <= V300SP10260209

Binardat ≫ 10g08-0800gsm Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.121

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch

Product

https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-predictable-session-identifiers

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-27515

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27515

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27515

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27515