Cyber Resilience

CVE-2026-32838

HighPublic PoC

Published: 17 March 2026

Published
17 March 2026
Modified
19 March 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0014 3.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-32838 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Edimax Gs-5008Pl Firmware. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 3.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and MA-4 (Nonlocal Maintenance).

Deeper analysis

CVE-2026-32838 is a vulnerability in the Edimax GS-5008PL unmanaged PoE switch running firmware version 1.00.54 and prior versions. The issue stems from the web management interface using cleartext HTTP without TLS or SSL encryption, enabling interception of sensitive data. This is classified as CWE-319 (Cleartext Transmission of Sensitive Information) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact over the network.

Attackers on the same local network as the affected device can exploit this by passively intercepting web management traffic. No privileges, user interaction, or special conditions are required beyond network access. Successful interception allows capture of administrator credentials and sensitive configuration data, potentially enabling unauthorized access or further network compromise.

Vendor and advisory references, including Edimax product pages at https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ and https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/, along with the VulnCheck advisory at https://www.vulncheck.com/advisories/edimax-gs-5008pl-transmits-credentials-over-cleartext-http, provide additional details on the product and vulnerability. No specific patch or mitigation guidance is detailed in the CVE publication from March 17, 2026.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Why these techniques?

Cleartext HTTP in the web management interface directly enables passive network sniffing (T1040) to capture admin credentials and config data over the local network, matching the described attack with no other techniques directly facilitated by the vulnerability itself.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32841Same product: Edimax Gs-5008Pl
CVE-2025-67159Shared CWE-319
CVE-2025-13718Shared CWE-319
CVE-2026-30796Shared CWE-319
CVE-2024-36558Shared CWE-319
CVE-2026-30795Shared CWE-319
CVE-2026-23661Shared CWE-319
CVE-2025-70048Shared CWE-319
CVE-2025-1060Shared CWE-319
CVE-2025-0556Shared CWE-319

Affected Assets

edimax
gs-5008pl firmware
≤ 1.00.54

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates cryptographic mechanisms to protect confidentiality and integrity of information transmitted across networks, directly preventing interception of cleartext HTTP management credentials and configuration data.

prevent

Requires authorization and cryptographic protection for remote access methods including web management interfaces to safeguard transmitted sensitive information.

prevent

Enforces cryptographic protection for nonlocal maintenance and diagnostic sessions, such as the vulnerable web management interface on the network device.

References