Cyber Resilience

CVE-2026-27516

HighPublic PoC

Published: 24 February 2026

Published
24 February 2026
Modified
02 March 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0018 7.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-27516 is a high-severity Insertion of Sensitive Information Into Sent Data (CWE-201) vulnerability in Binardat 10G08-0800Gsm Firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 7.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).

Deeper analysis

CVE-2026-27516 is a vulnerability in the Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior, where user passwords are exposed in plaintext within the administrative interface and HTTP responses. This flaw allows recovery of valid credentials and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). It maps to CWE-201 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-317 (Cleartext Storage of Sensitive Information).

The vulnerability can be exploited by any unauthenticated attacker with network access to the affected switch, requiring low complexity and no user interaction. Successful exploitation enables the attacker to read plaintext passwords from the admin interface or HTTP responses, compromising confidentiality and potentially leading to full administrative control over the device.

Advisories and vendor resources provide further details on the issue, including the VulnCheck advisory at https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-plaintext-password-exposure and the Binardat product page at https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

The vulnerability exposes plaintext passwords in the unauthenticated administrative web interface and HTTP responses of a network switch (public-facing application), directly enabling credential recovery via T1190 and facilitating T1552 Unsecured Credentials access that can lead to administrative control.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27520Same product: Binardat 10G08-0800Gsm
CVE-2026-27519Same product: Binardat 10G08-0800Gsm
CVE-2026-27515Same product: Binardat 10G08-0800Gsm
CVE-2026-23678Same product: Binardat 10G08-0800Gsm
CVE-2026-27507Same product: Binardat 10G08-0800Gsm
CVE-2026-27521Same product: Binardat 10G08-0800Gsm
CVE-2020-37093Shared CWE-201
CVE-2020-37150Shared CWE-201
CVE-2026-42746Shared CWE-201
CVE-2026-42673Shared CWE-201

Affected Assets

binardat
10g08-0800gsm firmware
≤ V300SP10260209

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of flaws like this firmware vulnerability exposing plaintext passwords in the administrative interface and HTTP responses.

prevent

Mandates cryptographic mechanisms to protect sensitive information such as passwords at rest, directly preventing plaintext storage and exposure in interfaces and responses.

prevent

Requires protection of authenticator content from unauthorized disclosure and modification, addressing the plaintext exposure of user passwords.

References