CVE-2026-27520 PUBLISHED

Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie

Assigner: VulnCheck
Reserved: 19.02.2026 Published: 24.02.2026 Updated: 24.02.2026

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Binardat Ltd.
Product 10G08-0800GSM Network Switch
Versions Default: unaffected
  • affected from 0 to V300SP10260209 (excl.)

Credits

  • Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. finder

References

Problem Types

  • CWE-312 Cleartext Storage of Sensitive Information CWE