CVE-2026-27520 | THREATINT

Description

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.

PUBLISHED Reserved 2026-02-19 | Published 2026-02-24 | Updated 2026-02-24 | Assigner VulnCheck

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-312 Cleartext Storage of Sensitive Information

Product status

Default status

unaffected

Any version before V300SP10260209

affected

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. finder

References

www.binardat.com/...al-fanless-fiber-binardat-network-switch product

www.vulncheck.com/...ase64-encoded-password-stored-in-cookie third-party-advisory

cve.org (CVE-2026-27520)

nvd.nist.gov (CVE-2026-27520)

Download JSON