PT-2026-25948 · Edimax · Edimax Gs-5008Pl

Kazuma Matsumoto

Publicado

2026-03-17

Atualizado

2026-03-18

CVE-2026-32842

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Edimax GS-5008PL firmware versions prior to 1.00.54

Description The firmware stores credentials insecurely, allowing attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through the /fupload.cgi endpoint to extract plaintext username and password fields, enabling unauthorized administrative access. The username and password are stored in plaintext within the configuration file.

Recommendations Update to a firmware version newer than 1.00.54.

Correção

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-312

Identificadores relacionados

BDU:2026-03531

CVE-2026-32842

Produtos afetados

Edimax Gs-5008Pl

PT-2026-25948 · Edimax · Edimax Gs-5008Pl

CVE-2026-32842

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7