← back
CVE-2026-32838

Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

CVSS 8.7 HIGHEPSS 0.1%CWE-319
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.7EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
EDIMAX Technology Co., Ltd. · Edimax GS-5008PL

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/https://www.vulncheck.com/advisories/edimax-gs-5008pl-transmits-credentials-over-cleartext-http