CVE-2026-27520 is a vulnerability classified under CWE-312 (Cleartext Storage of Sensitive Information) found in Binardat Ltd.'s 10G08-0800GSM network switch firmware versions prior to V300SP10260209. The issue arises because the device's web interface stores user passwords in client-side cookies encoded only with Base64. Base64 encoding is not encryption; it is easily decoded, meaning that anyone with access to the cookie can recover the plaintext password. This storage method violates best practices for credential management, as sensitive information should never be stored client-side in a reversible format. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network, making it highly accessible to attackers. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) reflects that the attack can be performed remotely with low complexity and no privileges, with a high impact on confidentiality. Although no known exploits have been reported in the wild, the vulnerability's nature makes it a critical risk for unauthorized access to network management interfaces. This could lead to unauthorized configuration changes, network disruption, or further lateral movement within affected environments. The vulnerability affects all firmware versions prior to V300SP10260209, and no official patches or updates are linked yet, indicating the need for immediate attention from affected users.

The primary impact of CVE-2026-27520 is the compromise of user credentials for the Binardat 10G08-0800GSM network switch management interface. If an attacker obtains the Base64-encoded cookie, they can decode it to retrieve the plaintext password, enabling unauthorized access to the device. This can lead to unauthorized configuration changes, network disruption, interception of network traffic, or use of the compromised device as a foothold for further attacks within the network. Given the network switch's role in managing critical network infrastructure, such unauthorized access could severely impact network availability and integrity. The vulnerability’s ease of exploitation and lack of required authentication increase the risk of widespread attacks, especially in environments where these switches are deployed without additional network segmentation or monitoring. Organizations relying on these devices may face operational downtime, data breaches, and potential regulatory compliance issues if the vulnerability is exploited.

1. Immediate upgrade to firmware version V300SP10260209 or later once available, as this version addresses the vulnerability by eliminating insecure password storage. 2. Until a patch is applied, restrict access to the network switch management interface using network segmentation, firewall rules, or VPNs to limit exposure to trusted administrators only. 3. Implement strong monitoring and logging of access to the device’s web interface to detect any unauthorized attempts to access cookies or management functions. 4. Use secure cookie attributes such as HttpOnly and Secure flags to reduce the risk of cookie theft via client-side scripts or network interception. 5. Educate administrators on the risks of storing sensitive information client-side and encourage use of multi-factor authentication (MFA) if supported by the device. 6. Conduct regular audits of network devices to identify and remediate insecure configurations or outdated firmware. 7. If possible, replace affected devices with alternatives that follow secure credential storage practices.