CVE-2026-32840

Medium CVSS: 5.1

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_name_set.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with malicious script payload that executes when management pages including system_data.js are viewed by administrators.

Vendor

Edimax

Product

Gs-5008pl Firmware

CWE

CWE-79

Yayın Tarihi

2026-03-17 22:16:14

Güncelleme

2026-03-19 14:04:08

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Gs-5008pl Firmware MEDIUM Edimax 2026

Referanslar

https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ https://www.vulncheck.com/advisories/edimax-gs-5008pl-stored-xss-via-device-name

Benzer Kayıtlar

Critical

CVE-2026-32841

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthent…

High

CVE-2026-32842

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows att…

High

CVE-2026-32838

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implemen…

Medium

CVE-2026-32839

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remot…

Medium

CVE-2026-1972

A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Perform…

Medium

CVE-2026-1971

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file w…