CVE-2026-32842

EPSS 0.01%
Veröffentlicht 17.03.2026 21:41:55
Zuletzt bearbeitet 19.03.2026 13:54:05
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username and password fields for unauthorized administrative access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Edimax ≫ Gs-5008pl Firmware Version <= 1.00.54

Edimax ≫ Gs-5008pl Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.024

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
disclosure@vulncheck.com	7.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/

Product

https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/

Product

https://www.vulncheck.com/advisories/edimax-gs-5008pl-admin-credentials-stored-in-cleartext

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-32842

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32842

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32842

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32842