{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-32838","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-03-16T18:11:41.757Z","datePublished":"2026-03-17T21:42:35.770Z","dateUpdated":"2026-05-08T14:03:37.961Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-05-08T14:03:37.961Z"},"title":"Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP","descriptions":[{"lang":"en","value":"Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data."}],"tags":["unsupported-when-assigned"],"datePublic":"2026-03-18T00:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-319","description":"Cleartext Transmission of Sensitive Information","type":"CWE"}]}],"affected":[{"vendor":"EDIMAX Technology Co., Ltd.","product":"Edimax GS-5008PL","versions":[{"status":"affected","version":"0","lessThanOrEqual":"1.0.54","versionType":"semver"}],"defaultStatus":"unknown"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":8.7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","version":"3.1","baseSeverity":"HIGH","baseScore":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}],"references":[{"url":"https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/","tags":["product"]},{"url":"https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/","tags":["product"]},{"url":"https://www.vulncheck.com/advisories/edimax-gs-5008pl-transmits-credentials-over-cleartext-http","tags":["third-party-advisory"]}],"credits":[{"lang":"en","value":"Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.","type":"finder"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-18T20:01:50.106300Z","id":"CVE-2026-32838","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-18T20:02:00.662Z"}}]}}