CVE-2026-32842

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-32842
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username and password fields for unauthorized administrative access.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ Product
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ Product
https://www.vulncheck.com/advisories/edimax-gs-5008pl-admin-credentials-stored-in-cleartext Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:*
History

19 Mar 2026, 13:54

Type Values Removed Values Added
References () https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ - () https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ - Product
References () https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ - () https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ - Product
References () https://www.vulncheck.com/advisories/edimax-gs-5008pl-admin-credentials-stored-in-cleartext - () https://www.vulncheck.com/advisories/edimax-gs-5008pl-admin-credentials-stored-in-cleartext - Third Party Advisory
CPE cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:*
cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*:*
First Time Edimax
Edimax gs-5008pl Firmware
Edimax gs-5008pl

18 Mar 2026, 14:52

Type Values Removed Values Added
Summary
  • (es) Las versiones de firmware 1.00.54 y anteriores de Edimax GS-5008PL contienen una vulnerabilidad de almacenamiento inseguro de credenciales que permite a los atacantes obtener credenciales de administrador al acceder a los archivos de copia de seguridad de configuración. Los atacantes pueden descargar el archivo config.bin a través de fupload.cgi para extraer campos de nombre de usuario y contraseña en texto plano para acceso administrativo no autorizado.

17 Mar 2026, 22:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-17 22:16

Updated : 2026-03-19 13:54

NVD link : CVE-2026-32842

Mitre link : CVE-2026-32842

CVE.ORG link : CVE-2026-32842

JSON object : View

Products Affected

edimax

  • gs-5008pl_firmware
  • gs-5008pl
CWE
CWE-312

Cleartext Storage of Sensitive Information