CVE-2026-27521— Binardat 10G08-0800GSM Network Switch Missing Login Rate Limiting
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-27521
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Binardat 10G08-0800GSM Network Switch Missing Login Rate Limiting
Source: NVD (National Vulnerability Database)
Vulnerability Description
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
过多认证尝试的限制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Binardat 10G08-0800GSM 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Binardat 10G08-0800GSM是中国Binardat公司的一款高性能交换机。 Binardat 10G08-0800GSM Network SwitchV300SP10260209及之前版本存在安全漏洞,该漏洞源于未对失败的登录尝试实施速率限制或账户锁定,可能导致暴力破解攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Binardat Ltd. | 10G08-0800GSM Network Switch | 0 ~ V300SP10260209 | - |
II. Public POCs for CVE-2026-27521
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-27521
请登录查看更多情报信息。
Same Patch Batch · Binardat Ltd. · 2026-02-24 · 9 CVEs total
| CVE-2026-27507 | 9.8 CRITICAL | Binardat 10G08-0800GSM Network Switch Hard-coded Credentials |
| CVE-2026-27515 | 9.1 CRITICAL | Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers |
| CVE-2026-23678 | 8.8 HIGH | Binardat 10G08-0800GSM Network Switch Traceroute CLI Command Injection |
| CVE-2026-27516 | 7.5 HIGH | Binardat 10G08-0800GSM Network Switch Plaintext Password Exposure |
| CVE-2026-27519 | 7.5 HIGH | Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key |
| CVE-2026-27520 | 7.5 HIGH | Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie |
| CVE-2026-27517 | 6.1 MEDIUM | Binardat 10G08-0800GSM Network Switch XSS |
| CVE-2026-27518 | 4.3 MEDIUM | Binardat 10G08-0800GSM Network Switch CSRF |
IV. Related Vulnerabilities
Same product: 10G08-0800GSM Network Switch
- CVE-2026-27520
Binardat 10G08-0800GSM Network Switch Base64-encoded Passwor - CVE-2026-27519
Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encrypt - CVE-2026-27518
Binardat 10G08-0800GSM Network Switch CSRF - CVE-2026-27517
Binardat 10G08-0800GSM Network Switch XSS - CVE-2026-27516
Binardat 10G08-0800GSM Network Switch Plaintext Password Exp
Same vendor: Binardat Ltd.
- CVE-2026-27520
Binardat 10G08-0800GSM Network Switch Base64-encoded Passwor - CVE-2026-27519
Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encrypt - CVE-2026-27518
Binardat 10G08-0800GSM Network Switch CSRF - CVE-2026-27517
Binardat 10G08-0800GSM Network Switch XSS - CVE-2026-27516
Binardat 10G08-0800GSM Network Switch Plaintext Password Exp
Same weakness: CWE-307
- CVE-2026-41893
Signal K Server's WebSocket Login Endpoint Lacks Rate Limiti - CVE-2025-2514
Improper Restriction of Excessive Authentication Attempts vu - CVE-2023-54347
OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass - CVE-2026-7671
CodeWise Tornet Scooter Mobile App TwoFactor excessive authe - CVE-2026-26206
Wazuh: API brute-force protection bypass via race condition
V. Comments for CVE-2026-27521
No comments yet