CVE-2026-27519 identifies a cryptographic vulnerability in the Binardat 10G08-0800GSM network switch firmware versions V300SP10260209 and earlier. The device employs the RC4 stream cipher with a hard-coded cryptographic key embedded directly in client-side JavaScript code. This key is static and publicly exposed, violating secure key management principles (CWE-321) and using a weak cipher (CWE-327). Because the key is embedded in client-side code, any attacker with network access or the ability to intercept communications can retrieve the key and decrypt sensitive data protected by this mechanism. The vulnerability does not require any authentication or user interaction, making it trivially exploitable remotely. The use of RC4, a deprecated cipher with known weaknesses, further exacerbates the risk. This vulnerability compromises the confidentiality of data transmitted or stored by the affected network switch, potentially exposing configuration details, credentials, or network traffic. The CVSS 4.0 score of 8.7 reflects the high impact and ease of exploitation. No patches or fixes are currently available, and no known exploits have been reported in the wild as of the publication date.

The vulnerability threatens the confidentiality of sensitive data handled by the Binardat 10G08-0800GSM network switches, which are likely deployed in telecommunications and enterprise network environments. Attackers exploiting this flaw can decrypt protected values, potentially gaining access to network configurations, authentication credentials, or intercepted traffic. This could lead to further network compromise, unauthorized access, or data exfiltration. Given the critical role of network switches in managing data flows, exploitation could disrupt secure communications and undermine trust in network infrastructure. Organizations relying on these devices may face operational disruptions, regulatory compliance violations, and reputational damage. The lack of authentication or user interaction requirements increases the risk of automated or widespread exploitation if attackers gain network access.

Organizations should immediately inventory their network infrastructure to identify the presence of Binardat 10G08-0800GSM switches running vulnerable firmware versions. Until a vendor patch is available, mitigations include isolating affected devices within secure network segments, restricting management access to trusted administrators via VPN or dedicated management networks, and monitoring network traffic for suspicious activity indicative of key extraction or decryption attempts. Network administrators should disable or replace any client-side JavaScript-based cryptographic functions if possible. Employing network-level encryption (e.g., IPsec or TLS) independent of the device’s built-in mechanisms can provide an additional confidentiality layer. Organizations should engage with Binardat Ltd. for firmware updates or workarounds and plan for device replacement if no fix is forthcoming. Regularly updating network device firmware and conducting security audits will help prevent similar vulnerabilities.