CVE-2026-32838
Published: 17 March 2026
Summary
CVE-2026-32838 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Edimax Gs-5008Pl Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 0.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and MA-4 (Nonlocal Maintenance).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates cryptographic mechanisms to protect confidentiality and integrity of information transmitted across networks, directly preventing interception of cleartext HTTP management credentials and configuration data.
Requires authorization and cryptographic protection for remote access methods including web management interfaces to safeguard transmitted sensitive information.
Enforces cryptographic protection for nonlocal maintenance and diagnostic sessions, such as the vulnerable web management interface on the network device.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Cleartext HTTP in the web management interface directly enables passive network sniffing (T1040) to capture admin credentials and config data over the local network, matching the described attack with no other techniques directly facilitated by the vulnerability itself.
NVD Description
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.
Deeper analysisAI
CVE-2026-32838 is a vulnerability in the Edimax GS-5008PL unmanaged PoE switch running firmware version 1.00.54 and prior versions. The issue stems from the web management interface using cleartext HTTP without TLS or SSL encryption, enabling interception of sensitive data. This is classified as CWE-319 (Cleartext Transmission of Sensitive Information) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact over the network.
Attackers on the same local network as the affected device can exploit this by passively intercepting web management traffic. No privileges, user interaction, or special conditions are required beyond network access. Successful interception allows capture of administrator credentials and sensitive configuration data, potentially enabling unauthorized access or further network compromise.
Vendor and advisory references, including Edimax product pages at https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ and https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/, along with the VulnCheck advisory at https://www.vulncheck.com/advisories/edimax-gs-5008pl-transmits-credentials-over-cleartext-http, provide additional details on the product and vulnerability. No specific patch or mitigation guidance is detailed in the CVE publication from March 17, 2026.
Details
- CWE(s)