HIGHCVE-2026-27520Published Modified CNA VulnCheck
CVE-2026-27520: Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.
Metrics
- CVSS v4.0
- 8.7
- Severity
- HIGH
- Fixed in
- V300SP10260209
- Affected Products
- 1
Fix available
V300SP10260209
Affected packages
- Binardat Ltd. / 10G08-0800GSM Network Switch< V300SP10260209 (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NReferences