CVE-2026-32841

Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/	Product
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/	Product
https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:*

History

26 May 2026, 14:16

Type	Values Removed	Values Added
Summary	(en) Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.	(en) Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

19 Mar 2026, 14:03

Type	Values Removed	Values Added
References	~~() https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ -~~	() https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ - Product
References	~~() https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ -~~	() https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ - Product
References	~~() https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients -~~	() https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients - Third Party Advisory
First Time		Edimax Edimax gs-5008pl Firmware Edimax gs-5008pl
CPE		cpe:2.3:h:edimax:gs-5008pl:-:::::::* cpe:2.3:o:edimax:gs-5008pl_firmware::::::::

18 Mar 2026, 14:52

Type	Values Removed	Values Added
Summary		(es) Edimax GS-5008PL firmware versión 1.00.54 y anteriores contienen una vulnerabilidad de omisión de autenticación que permite a atacantes no autenticados acceder a la interfaz de gestión. Los atacantes pueden explotar el mecanismo de bandera de autenticación global para obtener acceso administrativo sin credenciales después de que cualquier usuario se autentique, lo que permite cambios de contraseña no autorizados, cargas de firmware y modificaciones de configuración.

17 Mar 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-17 22:16

Updated : 2026-05-26 14:16

NVD link : CVE-2026-32841

Mitre link : CVE-2026-32841

CVE.ORG link : CVE-2026-32841

JSON object : View

Products Affected

edimax

gs-5008pl_firmware
gs-5008pl

CWE

CWE-1108

Excessive Reliance on Global Variables

8.1 /10