Unrated severityNVD Advisory· Published Feb 24, 2026· Updated Feb 26, 2026

Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie

CVE-2026-27520

Description

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.

Affected products

Binardat/10G08-0800GSMllm-create
Range: < V300SP10260209
Binardat Ltd./10G08-0800GSM Network Switchv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-base64-encoded-password-stored-in-cookiemitrethird-party-advisory
www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switchmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000