CVE-2026-32838

HIGH 7.5

Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.

CWE	CWE-319
Vendor	edimax technology co., ltd.
Product	edimax gs-5008pl
Published	Mar 17, 2026
Last Updated	Mar 18, 2026

Stay Ahead of the Next One

Get instant alerts for edimax technology co., ltd. edimax gs-5008pl

Be the first to know when new high vulnerabilities affecting edimax technology co., ltd. edimax gs-5008pl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

EDIMAX Technology Co., Ltd. / Edimax GS-5008PL

0 ≤ 1.00.54

References

NVD ↗ CVE.org ↗ EPSS Data ↗

edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ vulncheck.com: https://www.vulncheck.com/advisories/edimax-gs-5008pl-transmits-credentials-over-cleartext-http

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.