CVE-2026-27520
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2Description
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.
Analysis
Binardat 10G08-0800GSM network switch firmware versions before V300SP10260209 expose user credentials by storing passwords as reversible Base64-encoded values in web interface cookies, allowing unauthenticated attackers with cookie access to recover plaintext passwords. This high-severity vulnerability affects confidentiality of administrative credentials with no available patch, creating significant risk for network infrastructure compromise.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: inventory all Binardat 10G08-0800GSM switches in production and identify those running firmware versions prior to V300SP10260209. Within 7 days: implement network segmentation to restrict web interface access to trusted administrative networks only and disable web-based management if not operationally required. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today