CVE-2026-32838 HIGH

CVE-2026-32838: Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Vendor Edimax Technology Co., Ltd.
Product Edimax GS-5008PL
Weakness CWE-319 · Cleartext transmission
Published March 17, 2026
Last update May 8, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.

Key dates

02Disclosure timeline

March 17, 2026 CVE published
May 8, 2026 Record updated