CVE-2026-32841

Critical CVSS: 9.2

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

Vendor

Edimax

Product

Gs-5008pl Firmware

CWE

CWE-1108

Yayın Tarihi

2026-03-17 22:16:15

Güncelleme

2026-03-19 14:03:08

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-1108 Gs-5008pl Firmware CRITICAL Edimax 2026

Referanslar

https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients

Benzer Kayıtlar

High

CVE-2026-32842

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows att…

High

CVE-2026-32838

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implemen…

Medium

CVE-2026-32839

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remot…

Medium

CVE-2026-32840

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_na…

Medium

CVE-2026-1972

A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Perform…

Medium

CVE-2026-1971

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file w…