CVE-2026-32838 - Vulnerability Details

- Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Description

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.

Published: 2026-03-17

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Edimax GS-5008PL firmware up to and including version 1.00.54 transmits web‑management credentials and configuration data over cleartext HTTP. Because the interface does not implement TLS or SSL, any traffic sent between the device and an administrator is exposed to attackers. This vulnerability, identified as CWE‑319, enables an attacker to capture administrator usernames and passwords, as well as sensitive configuration information, potentially allowing further compromise of the device or any network it is connected to.

Affected Systems

The affected product is the Edimax GS‑5008PL switch manufactured by Edimax Technology Co., Ltd. All firmware releases 1.00.54 and earlier are vulnerable; the exact firmware versions are listed in the vendor’s documentation and the advisory references.

Risk and Exploitability

The CVSS base score is 8.7 (High), indicating substantial impact if exploited. The EPSS score is reported to be less than 1 %, suggesting that exploitation is currently unlikely but not impossible, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local network access; an adversary who can observe traffic on the same LAN segment or intercept management traffic (for example by ARP spoofing) can exploit the flaw. Successful exploitation results in credential theft and exposure of configuration data, leading to potential lateral movement or device takeover.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

EDIMAX Technology Co., Ltd.

Edimax GS-5008PL

unknown

Version	Status	Constraints
`0`	affected	≤ 1.00.54

Configuration 1 [-]

AND

cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Edimax Technology

Edimax Gs-5008pl

100%

Version	Status	Scheme	Platform
`[0,1.00.54]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the firmware to a version newer than 1.00.54 when an update is released and verified from the vendor.
If a firmware update is not immediately available, disable the non‑secure HTTP management interface or restrict it to a trusted subnet using firewall rules.
Where possible, enforce HTTPS for management traffic, or protect the device with a VPN or other secure tunnel to prevent eavesdropping.
Monitor network traffic for signs of management traffic interception and audit device logs for anomalous authentication attempts.

Generated by OpenCVE AI on March 19, 2026 at 16:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00006.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/
https://www.vulncheck.com/advisories/edimax-gs-5008pl-transmits-credentials-over-cleartext-http

History

Thu, 19 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Edimax Edimax gs-5008pl Edimax gs-5008pl Firmware
CPEs		cpe:2.3:h:edimax:gs-5008pl:-:::::::* cpe:2.3:o:edimax:gs-5008pl_firmware::::::::
Vendors & Products		Edimax Edimax gs-5008pl Edimax gs-5008pl Firmware

Wed, 18 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Mar 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Edimax Technology Edimax Technology edimax Gs-5008pl
Vendors & Products		Edimax Technology Edimax Technology edimax Gs-5008pl

Tue, 17 Mar 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Tue, 17 Mar 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.
Title		Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP
Weaknesses		CWE-319
References		https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ https://www.vulncheck.com/advisories/edimax-gs-5008pl-transmits-credentials-over-cleartext-http
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Edimax Gs-5008pl Gs-5008pl Firmware

Edimax Technology Edimax Gs-5008pl

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-03-17T21:42:35.770Z

Updated: 2026-03-18T20:02:00.662Z

Reserved: 2026-03-16T18:11:41.757Z

Link: CVE-2026-32838

Vulnrichment

Updated: 2026-03-18T20:01:56.210Z

NVD

Status : Analyzed

Published: 2026-03-17T22:16:14.457

Modified: 2026-03-19T14:08:34.423

Link: CVE-2026-32838

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:54:33Z

Weaknesses

CWE-319

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object