CVE-2026-32838
Received
Received - Intake
Cleartext HTTP Exposure in Edimax GS-5008PL Enables Credential Theft
Vulnerability report for CVE-2026-32838, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-17
Last updated on: 2026-03-19
Assigner: VulnCheck
Description
Description
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edimax | gs-5008pl_firmware | to 1.00.54 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |