PT-2026-25948 · Edimax · Edimax Gs-5008Pl
Kazuma Matsumoto
·
Published
2026-03-17
·
Updated
2026-03-18
·
CVE-2026-32842
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Edimax GS-5008PL firmware versions prior to 1.00.54
Description
The firmware stores credentials insecurely, allowing attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the
config.bin file through the /fupload.cgi endpoint to extract plaintext username and password fields, enabling unauthorized administrative access. The username and password are stored in plaintext within the configuration file.Recommendations
Update to a firmware version newer than 1.00.54.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Edimax Gs-5008Pl