10g08 0800gsm Firmware
CVE-2026-27520
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.
AnalysisAI
Binardat 10G08-0800GSM network switch firmware versions before V300SP10260209 expose user credentials by storing passwords as reversible Base64-encoded values in web interface cookies, allowing unauthenticated attackers with cookie access to recover plaintext passwords. This high-severity vulnerability affects confidentiality of administrative credentials with no available patch, creating significant risk for network infrastructure compromise.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 with web interface enabled and user authentication configured. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker could exploit this vulnerability to compromise the affected system. |
| Remediation | Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all Binardat 10G08-0800GSM switches in production and identify those running firmware versions prior to V300SP10260209. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in 10g08 0800gsm Firmware
View allHardcoded admin credentials in Binardat 10G08-0800GSM network switch firmware V300SP10260209 and prior. Known credential
Predictable session identifiers in Binardat 10G08-0800GSM network switch. Numeric session IDs are easily guessable, enab
Authenticated attackers can achieve remote code execution on Binardat 10G08-0800GSM network switches by injecting the %1
10G08-0800Gsm Firmware is affected by improper restriction of excessive authentication attempts (CVSS 7.5).
Binardat 10G08-0800GSM network switches version V300SP10260209 and earlier expose a hardcoded RC4 encryption key in clie
Binardat 10G08-0800GSM network switch firmware prior to V300SP10260209 stores administrative credentials in plaintext wi
Stored cross-site scripting in Binardat 10G08-0800GSM network switch firmware through version V300SP10260209 enables att
Unauthorized configuration changes in Binardat 10G08-0800GSM network switches (firmware V300SP10260209 and prior) result
Same weakness CWE-312 – Cleartext Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today