CVE-2026-27517 is a cross-site scripting (XSS) vulnerability classified under CWE-79, found in the web interface of Binardat Ltd.'s 10G08-0800GSM network switch firmware version V300SP10260209 and earlier. The vulnerability occurs because the firmware reflects user-supplied input in web pages without proper sanitization or encoding, enabling an attacker to inject malicious JavaScript code. When an authenticated user accesses the affected web interface, the injected script executes in their browser context, potentially compromising session tokens, credentials, or enabling unauthorized actions within the device management console. The vulnerability requires the attacker to have at least low privileges (PR:L) and user interaction (UI:P), but no authentication bypass or elevated privileges are necessary. The CVSS 4.0 base score is 5.1, indicating medium severity, with network attack vector (AV:N), low attack complexity (AC:L), and no user privileges required for initial access. The scope is limited to the affected device's web interface, and no known exploits are currently in the wild. The lack of available patches means organizations must rely on mitigations until a firmware update is released.

The primary impact of this vulnerability is the compromise of confidentiality and integrity within the network switch management interface. Successful exploitation can lead to session hijacking, theft of administrative credentials, and unauthorized configuration changes, potentially disrupting network operations or enabling further lateral movement within an organization's infrastructure. Since the device is a network switch, compromise could affect network traffic management, security policies, and availability indirectly. Organizations relying on these switches for critical network infrastructure may face increased risk of targeted attacks, especially if the management interface is exposed or accessible to untrusted networks. The medium severity reflects the need for authentication and user interaction, limiting exploitation scope but still posing significant risk in environments with multiple administrators or where phishing/social engineering is feasible.

1. Restrict access to the network switch management interface by implementing network segmentation and firewall rules to limit access to trusted administrators only. 2. Employ strong authentication mechanisms and enforce least privilege principles for user accounts managing the device. 3. Implement web application firewalls (WAFs) or intrusion detection systems (IDS) to detect and block malicious input patterns targeting the web interface. 4. Educate administrators about phishing and social engineering risks to reduce the likelihood of user interaction leading to exploitation. 5. Monitor device logs and network traffic for unusual activities indicative of exploitation attempts. 6. Coordinate with Binardat Ltd. for timely firmware updates or patches addressing this vulnerability and plan for prompt deployment once available. 7. Where possible, disable or limit web interface functionality that is not essential to reduce the attack surface.