CVE-2026-23678 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: February 25, 2026
Binardat 10G08-0800GSM - Command Injection
Overview
Binardat 10G08-0800GSM network switch firmware V300SP10260209 and prior contains a command injection caused by improper sanitization of the hostname parameter in the traceroute diagnostic function, letting authenticated attackers execute arbitrary CLI commands via the web interface.
Severity & Score
Impact
Authenticated attackers can execute arbitrary commands on the device, potentially leading to full device compromise.
Mitigation
Update to the latest firmware version beyond V300SP10260209.
References
Social Media Activity(2 posts)
š CVE-2026-23678 - High (8.8) Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the character into the ... š https://www.thehackerwire.com/vulnerability/CVE-2026-23678/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-23678 - High (8.8) Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the character into the ... š https://www.thehackerwire.com/vulnerability/CVE-2026-23678/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-23678
- Severity
- High
- CVSS Score
- 8.8
- Type
- command_injection
- Status
- confirmed
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H