CVE-2026-32839

Medium CVSS: 5.1

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and request validation to change passwords, upload firmware, reboot the device, perform factory resets, or modify network configurations.

Vendor

Edimax

Product

Gs-5008pl Firmware

CWE

CWE-352

Yayın Tarihi

2026-03-17 22:16:14

Güncelleme

2026-03-19 14:06:11

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 Gs-5008pl Firmware MEDIUM Edimax 2026

Referanslar

https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ https://www.vulncheck.com/advisories/edimax-gs-5008pl-csrf-via-management-cgi-endpoints

Benzer Kayıtlar

Critical

CVE-2026-32841

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthent…

High

CVE-2026-32842

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows att…

High

CVE-2026-32838

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implemen…

Medium

CVE-2026-32840

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_na…

Medium

CVE-2026-1972

A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Perform…

Medium

CVE-2026-1971

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file w…