CVE-2026-32842— Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-32842
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext
Source: NVD (National Vulnerability Database)
Vulnerability Description
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username and password fields for unauthorized administrative access.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文存储
Source: NVD (National Vulnerability Database)
Vulnerability Title
Edimax GS-5008PL 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Edimax GS-5008PL是中国台湾讯舟(Edimax)公司的一款千兆以太网交换机。 Edimax GS-5008PL 1.00.54及之前版本存在安全漏洞,该漏洞源于凭据存储不安全,可能导致攻击者通过访问配置备份文件获取管理员凭据,进行未经授权的管理访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| EDIMAX Technology Co., Ltd. | Edimax GS-5008PL | 0 ~ 1.0.54 | - |
II. Public POCs for CVE-2026-32842
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-32842
请登录查看更多情报信息。
Same Patch Batch · EDIMAX Technology Co., Ltd. · 2026-03-17 · 5 CVEs total
| CVE-2026-32841 | 8.1 HIGH | Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients |
| CVE-2026-32838 | 7.5 HIGH | Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP |
| CVE-2026-32840 | 5.4 MEDIUM | Edimax GS-5008PL <= 1.00.54 Stored XSS via Device Name |
| CVE-2026-32839 | 4.3 MEDIUM | Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints |
IV. Related Vulnerabilities
Same product: Edimax GS-5008PL
Same vendor: EDIMAX Technology Co., Ltd.
- CVE-2026-32838
Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Clear - CVE-2026-32839
Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoint - CVE-2026-32840
Edimax GS-5008PL <= 1.00.54 Stored XSS via Device Name - CVE-2026-32841
Edimax GS-5008PL <= 1.00.54 Global Authentication State Acro - CVE-2020-37097
Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi Passwo
Same weakness: CWE-312
- CVE-2026-7163
Assisted-service: assisted-service: authenticated users can - CVE-2026-41385
OpenClaw < 2026.3.31 - Nostr Private Key Exposure via config - CVE-2026-6553
TYPO3 CMS Stores Cleartext Password in User Settings Module - CVE-2026-35644
OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Field - CVE-2025-14815
Information Disclosure, Tampering, and Denial-of-Service Vul
V. Comments for CVE-2026-32842
No comments yet