PT-2026-21749 · Binardat · Binardat 10G08-0800Gsm
Kazuma Matsumoto
·
Published
2026-02-24
·
Updated
2026-03-01
·
CVE-2026-23678
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Binardat 10G08-0800GSM network switch firmware versions V300SP10260209 and prior
Description
The Binardat 10G08-0800GSM network switch firmware contains a command injection issue within the traceroute diagnostic function of the web management interface. An authenticated attacker can execute arbitrary CLI commands on the device by injecting the
%1a character into the hostname parameter. This is due to improper input validation.Recommendations
Versions prior to V300SP10260209 should be updated.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Binardat 10G08-0800Gsm