cvedb.io
CVE-2026-27520
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-02-24T16:24:09.813 · Last modified 2026-06-17T10:27:17.970

Summary

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.

Affected products

binardat — 10g08-0800gsm_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when binardat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.