PT-2026-21749 · Binardat · Binardat 10G08-0800Gsm
Kazuma Matsumoto
·
Publicado
2026-02-24
·
Atualizado
2026-03-01
·
CVE-2026-23678
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Binardat 10G08-0800GSM network switch firmware versions V300SP10260209 and prior
Description
The Binardat 10G08-0800GSM network switch firmware contains a command injection issue within the traceroute diagnostic function of the web management interface. An authenticated attacker can execute arbitrary CLI commands on the device by injecting the
%1a character into the hostname parameter. This is due to improper input validation.Recommendations
Versions prior to V300SP10260209 should be updated.
Correção
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Binardat 10G08-0800Gsm