CVE-2026-27520
Published: 24 February 2026
Summary
CVE-2026-27520 is a high-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Binardat 10G08-0800Gsm Firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-27520 is a vulnerability in the Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209. The issue stems from the storage of a user password in a client-side cookie as a Base64-encoded value, which is accessible via the web management interface. Base64 encoding is reversible and provides no confidentiality, enabling straightforward recovery of the plaintext password. It is classified under CWE-312 (Cleartext Storage of Sensitive Information) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
The vulnerability can be exploited by any network-accessible attacker with low complexity and no required privileges or user interaction. By obtaining the cookie value—potentially through network interception if the web interface lacks HTTPS enforcement, client-side access, or other means—an attacker can decode the Base64 content to retrieve the plaintext password. This grants high-impact confidentiality loss, allowing unauthorized access to the switch's management functions.
Advisories, including the VulnCheck report and Binardat's product page for the 8-port 10 Gigabit SFP+ managed switch, indicate that firmware version V300SP10260209 or later addresses the issue by remediating the insecure password storage. Security practitioners should verify and apply updates to affected devices, audit web interface configurations for secure cookie handling (e.g., HttpOnly and Secure flags), and monitor for unauthorized access.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8537
Vulnerability details
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the…
more
cookie value can recover the plaintext password.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vuln in web management interface (public-facing) enables remote credential recovery via insecure Base64 cookie storage (unsecured creds).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 requires identifying, reporting, and correcting flaws like the insecure Base64-encoded password storage in client-side cookies via firmware updates to V300SP10260209 or later.
IA-5 mandates protecting authenticator content such as passwords from unauthorized disclosure, directly addressing reversible storage in accessible client-side cookies.
CM-6 enforces secure configuration settings for the web management interface, including HttpOnly and Secure cookie flags to limit exposure of the Base64-encoded password.