CVE-2026-32841

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/	Product
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/	Product
https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-17 22:16

Updated : 2026-03-19 14:03

NVD link : CVE-2026-32841

Mitre link : CVE-2026-32841

CVE.ORG link : CVE-2026-32841

JSON object : View

Products Affected

edimax

gs-5008pl
gs-5008pl_firmware

CWE

CWE-1108

Excessive Reliance on Global Variables

{"id": "CVE-2026-32841", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-17T22:16:15.043", "references": [{"url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-1108"}]}], "descriptions": [{"lang": "en", "value": "Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications."}, {"lang": "es", "value": "Edimax GS-5008PL firmware versi\u00f3n 1.00.54 y anteriores contienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que permite a atacantes no autenticados acceder a la interfaz de gesti\u00f3n. Los atacantes pueden explotar el mecanismo de bandera de autenticaci\u00f3n global para obtener acceso administrativo sin credenciales despu\u00e9s de que cualquier usuario se autentique, lo que permite cambios de contrase\u00f1a no autorizados, cargas de firmware y modificaciones de configuraci\u00f3n."}], "lastModified": "2026-03-19T14:03:08.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D7B2D27-F6A6-4646-ACC9-EEB3CA14C081", "versionEndIncluding": "1.00.54"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5804910F-1457-49D5-9FB1-8F131C771011"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "disclosure@vulncheck.com"}