← Back to CVEs
CVE-2026-32841
HIGH8.1
Description
Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.
CVE Details
CVSS v3.1 Score8.1
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published3/17/2026
Last Modified3/19/2026
Sourcenvd
Honeypot Sightings0
Affected Products
edimax:gs-5008pledimax:gs-5008pl_firmware
Weaknesses (CWE)
CWE-1108
References
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/(disclosure@vulncheck.com)
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.