CVE-2026-32842

MEDIUM

Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext

Title source: cna

Description

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username and password fields for unauthorized administrative access.

References (3)

Scores

CVSS v3 6.5
EPSS 0.0001
EPSS Percentile 1.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-312
Status published
Products (2)
edimax/gs-5008pl_firmware < 1.00.54
EDIMAX Technology Co., Ltd./Edimax GS-5008PL < 1.00.54
Published Mar 17, 2026
Tracked Since Mar 18, 2026