CVE-2026-32838 PUBLISHED

Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Assigner: VulnCheck
Reserved: 16.03.2026 Published: 17.03.2026 Updated: 17.03.2026

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor EDIMAX Technology Co., Ltd.
Product Edimax GS-5008PL
Versions Default: unknown
  • affected from 0 to 1.00.54 (incl.)

Credits

  • Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. finder

References

Problem Types

  • CWE-319 Cleartext transmission of sensitive information CWE