{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27521", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-19T19:51:07.329Z", "datePublished": "2026-02-24T15:08:14.170Z", "dateUpdated": "2026-03-02T14:49:41.824Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "10G08-0800GSM Network Switch", "vendor": "Binardat Ltd.", "versions": [{"lessThanOrEqual": "V300SP10260209", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Binardat 10G08-0800GSM network switch firmware version&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">V300SP10260209</span>&nbsp;and prior&nbsp;do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials."}], "value": "Binardat 10G08-0800GSM network switch firmware version\u00a0V300SP10260209\u00a0and prior\u00a0do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-02T14:49:41.824Z"}, "references": [{"tags": ["product"], "url": "https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-missing-login-rate-limiting"}], "source": {"discovery": "EXTERNAL"}, "title": "Binardat 10G08-0800GSM Network Switch Missing Login Rate Limiting", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T21:19:37.018155Z", "id": "CVE-2026-27521", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T21:19:50.599Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27521", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T21:19:37.018155Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T21:19:44.440Z"}}], "cna": {"title": "Binardat 10G08-0800GSM Network Switch Missing Login Rate Limiting", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Binardat Ltd.", "product": "10G08-0800GSM Network Switch", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "V300SP10260209"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-missing-login-rate-limiting", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Binardat 10G08-0800GSM network switch firmware version\u00a0V300SP10260209\u00a0and prior\u00a0do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials.", "supportingMedia": [{"type": "text/html", "value": "Binardat 10G08-0800GSM network switch firmware version&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">V300SP10260209</span>&nbsp;and prior&nbsp;do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-02T14:49:41.824Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27521", "state": "PUBLISHED", "dateUpdated": "2026-03-02T14:49:41.824Z", "dateReserved": "2026-02-19T19:51:07.329Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-02-24T15:08:14.170Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:binardat:10g08-0800gsm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3245-044C-496C-9521-04CE9E097A74", "versionEndIncluding": "V300SP10260209", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:binardat:10g08-0800gsm:-:*:*:*:*:*:*:*", "matchCriteriaId": "466EE3BA-33F8-476B-A66B-02FC3B93CB00", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Binardat 10G08-0800GSM network switch firmware version\u00a0V300SP10260209\u00a0and prior\u00a0do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials."}], "id": "CVE-2026-27521", "lastModified": "2026-03-02T15:16:37.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-02-24T16:24:10.000", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-missing-login-rate-limiting"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V300SP10260209]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "10G08-0800GSM Network Switch", "source": "cna", "vendor": "Binardat Ltd."}, "product": "10g08-0800gsm_network_switch", "vendor": "binardat"}], "analysis": {"en": {"generated_at": "2026-04-16T16:24:04.243905+00:00", "value": {"mitigation_remediation": ["Upgrade the switch firmware to a version that implements login rate limiting or account lockout.", "Configure the switch\u2019s management interfaces to accept connections only from trusted IP ranges and block all other sources.", "Continuously monitor the device\u2019s log for repeated failed login attempts and block or rate\u2011limit the offending IPs."], "summary": {"action": "Patch Immediately", "impact": "Brute-Force Authentication"}, "threat_synthesis": {"affected_systems": "Vendors affected are Binardat Ltd. The 10G08\u20110800GSM network switch, specifically firmware versions V300SP10260209 and earlier, is impacted. Users running these models are at risk if they rely on the default management interfaces (e.g., web, SSH, Telnet) for administration.", "description_and_impact": "The firmware of the Binardat 10G08-0800GSM network switch does not enforce a limit on failed login attempts or account lockout, allowing attackers to attempt unlimited brute\u2011force attacks against user credentials. This flaw can expose the switch\u2019s administrative interface to credential compromise, leading to full control over network configuration and potentially broader network compromise. The weakness is classified as CWE\u2011307, reflecting insecure authentication practices that enable unauthorized access via brute force.", "risk_and_exploitability": "The CVSS v3.1 score of 6.9 indicates a moderate severity with potential confidentiality, integrity, and availability impact. The EPSS score is below 1%, suggesting low but non\u2011zero exploitation probability in the current landscape. The issue is not listed in CISA\u2019s KEV, but the lack of rate limiting still permits brute\u2011force attacks over an exposed management interface, typically the network, and can be exploited remotely by attackers who can reach the switch\u2019s management ports."}}}}, "created": "2026-02-25T11:38:46.401154+00:00", "updated": "2026-04-16T16:30:15.938854+00:00", "vendors": ["binardat", "binardat$PRODUCT$10g08-0800gsm_network_switch"]}