CVE-2026-32842

MEDIUM 6.5

Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username and password fields for unauthorized administrative access.

CWE	CWE-312
Vendor	edimax technology co., ltd.
Product	edimax gs-5008pl
Published	Mar 17, 2026
Last Updated	Mar 18, 2026

Stay Ahead of the Next One

Get instant alerts for edimax technology co., ltd. edimax gs-5008pl

Be the first to know when new medium vulnerabilities affecting edimax technology co., ltd. edimax gs-5008pl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

EDIMAX Technology Co., Ltd. / Edimax GS-5008PL

0 ≤ 1.00.54

References

NVD ↗ CVE.org ↗ EPSS Data ↗

edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ vulncheck.com: https://www.vulncheck.com/advisories/edimax-gs-5008pl-admin-credentials-stored-in-cleartext

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.