{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32842", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-16T18:11:41.758Z", "datePublished": "2026-03-17T21:41:55.905Z", "dateUpdated": "2026-05-08T14:02:13.815Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-08T14:02:13.815Z"}, "title": "Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext", "descriptions": [{"lang": "en", "value": "Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username and password fields for unauthorized administrative access."}], "tags": ["unsupported-when-assigned"], "datePublic": "2026-03-19T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-312", "description": "Cleartext Storage of Sensitive Information", "type": "CWE"}]}], "affected": [{"vendor": "EDIMAX Technology Co., Ltd.", "product": "Edimax GS-5008PL", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.0.54", "versionType": "semver"}], "defaultStatus": "unknown"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "references": [{"url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/", "tags": ["product"]}, {"url": "https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/edimax-gs-5008pl-admin-credentials-stored-in-cleartext", "tags": ["third-party-advisory"]}], "credits": [{"lang": "en", "value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T20:09:14.359500Z", "id": "CVE-2026-32842", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T20:09:26.547Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32842", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T20:09:14.359500Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T20:09:23.546Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EDIMAX Technology Co., Ltd.", "product": "Edimax GS-5008PL", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.54"}], "defaultStatus": "unknown"}], "datePublic": "2026-03-19T00:00:00.000Z", "references": [{"url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/", "tags": ["product"]}, {"url": "https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/edimax-gs-5008pl-admin-credentials-stored-in-cleartext", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username and password fields for unauthorized administrative access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-08T14:02:13.815Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32842", "state": "PUBLISHED", "dateUpdated": "2026-05-08T14:02:13.815Z", "dateReserved": "2026-03-16T18:11:41.758Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-17T21:41:55.905Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D7B2D27-F6A6-4646-ACC9-EEB3CA14C081", "versionEndIncluding": "1.00.54", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:*", "matchCriteriaId": "5804910F-1457-49D5-9FB1-8F131C771011", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "disclosure@vulncheck.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username and password fields for unauthorized administrative access."}, {"lang": "es", "value": "Las versiones de firmware 1.00.54 y anteriores de Edimax GS-5008PL contienen una vulnerabilidad de almacenamiento inseguro de credenciales que permite a los atacantes obtener credenciales de administrador al acceder a los archivos de copia de seguridad de configuraci\u00f3n. Los atacantes pueden descargar el archivo config.bin a trav\u00e9s de fupload.cgi para extraer campos de nombre de usuario y contrase\u00f1a en texto plano para acceso administrativo no autorizado."}], "id": "CVE-2026-32842", "lastModified": "2026-03-19T13:54:05.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-17T22:16:15.227", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/edimax-gs-5008pl-admin-credentials-stored-in-cleartext"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.00.54]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Edimax GS-5008PL", "source": "cna", "vendor": "EDIMAX Technology Co., Ltd."}, "product": "edimax_gs-5008pl", "vendor": "edimax_technology"}], "analysis": {"en": {"generated_at": "2026-03-19T16:17:01.745633+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website for the latest firmware release; if a version newer than 1.00.54 is available, install it to eliminate the insecure credential storage.", "If no update is available or deploying the firmware is impractical, restrict or disable access to the fupload.cgi endpoint that allows downloading configuration backups.", "Limit inbound administrative traffic to the device by configuring firewall rules or placing the switch in a dedicated, internally trusted VLAN.", "If the device remains exposed and cannot be secured through update or configuration changes, consider replacing it with a product that follows secure credential storage practices."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized Administrative Access"}, "threat_synthesis": {"affected_systems": "Affected vendor: EDIMAX Technology Co., Ltd. Product: Edimax GS\u20115008PL. Firmware versions 1.00.54 and earlier are vulnerable; versions newer than 1.00.54 are presumed not to contain the flaw.", "description_and_impact": "The vulnerability is an insecure credential storage flaw that allows an attacker to download the configuration backup file (config.bin) through the fupload.cgi endpoint and then extract the plaintext username and password fields embedded within it. This provides a mechanism for obtaining valid administrative credentials, which can be used to access the device\u2019s web\u2011based management interface with full privileges. The weakness corresponds to CWE\u2011312, Plaintext Storage of Sensitive Information.", "risk_and_exploitability": "The CVSS base score is 7.1, indicating a high severity level. The EPSS score is reported as less than 1%, suggesting a low likelihood of widespread exploitation at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, the attacker can obtain credentials via the device\u2019s web interface, typically by accessing the fupload.cgi endpoint without needing pre\u2011existing authentication. Thus, the attack vector is a local or remote web\u2011based request, and the exploitation path is straightforward: download config.bin, parse the plaintext fields, and use the extracted credentials to gain administrative control."}}}}, "created": "2026-03-18T10:42:46.978323+00:00", "updated": "2026-03-24T10:54:35.991813+00:00", "vendors": ["edimax_technology", "edimax_technology$PRODUCT$edimax_gs-5008pl"]}