Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Binardat Switch Firmware Exposes Passwords in Plain Text
CVE-2026-27520
Summary
Certain Binardat switch firmware versions store user passwords in a cookie that can be accessed through the web interface. This makes it possible for unauthorized users to obtain the password if they can access the cookie. To protect passwords, update to the latest firmware version, V300SP10260209, or take other measures to secure your password storage.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| binardat | 10g08-0800gsm_firmware | <= V300SP10260209 | – |
Original title
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Bas...
Original description
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-312
Cleartext Storage of Sensitive Information
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026