Advisories: Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie Severity: High Date: 2/24/2026 Affected Product: Binardat 10G08-0800GSM Network Switch Vulnerability Type: CWE-312 Cleartext Storage of Sensitive Information CVSS V4: 4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N References: - Binardat Product Page Credit: Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. Description: - Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Since Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.