CVE-2026-32839
Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and request validation to change passwords, upload firmware, reboot the device, perform factory resets, or modify network configurations.
| CWE | CWE-352 |
| Vendor | edimax technology co., ltd. |
| Product | edimax gs-5008pl |
| Published | Mar 17, 2026 |
| Last Updated | Mar 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for edimax technology co., ltd. edimax gs-5008pl
Be the first to know when new medium vulnerabilities affecting edimax technology co., ltd. edimax gs-5008pl are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
EDIMAX Technology Co., Ltd. / Edimax GS-5008PL
0 โค 1.00.54
References
edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ vulncheck.com: https://www.vulncheck.com/advisories/edimax-gs-5008pl-csrf-via-management-cgi-endpoints
Credits
Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.