CVE-2026-27520

High CVSS: 8.7

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.

Vendor

Binardat

Product

10g08-0800gsm Firmware

CWE

CWE-312

Yayın Tarihi

2026-02-24 16:24:09

Güncelleme

2026-02-25 17:25:34

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-312 10g08-0800gsm Firmware HIGH Binardat 2026

Referanslar

https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-base64-encoded-password-stored-in-cookie

Benzer Kayıtlar

Medium

CVE-2026-27521

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or accoun…

High

CVE-2026-27516

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext withi…

Medium

CVE-2026-27517

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the we…

Medium

CVE-2026-27518

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing…

High

CVE-2026-27519

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded i…

High

CVE-2026-23678

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerabilit…