CVE-2026-27520

EPSS 0.02%
Veröffentlicht 24.02.2026 15:07:41
Zuletzt bearbeitet 25.02.2026 17:25:34
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Binardat ≫ 10g08-0800gsm Firmware Version <= V300SP10260209

Binardat ≫ 10g08-0800gsm Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
disclosure@vulncheck.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch

Product

https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-base64-encoded-password-stored-in-cookie

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-27520

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27520

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27520

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27520