Vulnerability Details CVE-2026-23678
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.5%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2026-23678
-
cpe:2.3:h:binardat:10g08-0800gsm:-
-
cpe:2.3:o:binardat:10g08-0800gsm_firmware:*