Description

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

PUBLISHED Reserved 2026-03-16 | Published 2026-03-17 | Updated 2026-03-18 | Assigner VulnCheck




CRITICAL: 9.2 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

HIGH: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-1108 Excessive reliance on global variables

Product status

Default status: unknown

Any version: affected

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. (finder)

References

www.edimax.com/...a/edimax/us/smb_legacy_switches/gs-5008pl/ (product)

www.edimax.com/...e_list/data/edimax/us/smb_legacy_products/ (product)

www.vulncheck.com/...authentication-state-across-all-clients (third-party-advisory)

cve.org (CVE-2026-32841)

nvd.nist.gov (CVE-2026-32841)
