关键漏洞信息 漏洞名称: Binardat 10G08-0800GSM Network Switch Traceroute CLI Command Injection 严重性: High 日期: 2/24/2026 受影响设备: Binardat 10G08-0800GSM Network Switch firmware <= V300SP10260209 CVE编号: 2026-23678 CVE类型: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CVSS V4 向量: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N 参考链接: Binardat Product Page 发现者: Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. 描述: Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device.