← Zuruck zu CVEs
CVE-2026-32841
HIGH8.1
Beschreibung
Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.
CVE Details
CVSS v3.1 Bewertung8.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht3/17/2026
Zuletzt geandert3/19/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
edimax:gs-5008pledimax:gs-5008pl_firmware
Schwachen (CWE)
CWE-1108
Referenzen
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/(disclosure@vulncheck.com)
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.