CVE-2026-32840

MEDIUM 5.4

Edimax GS-5008PL <= 1.00.54 Stored XSS via Device Name

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_name_set.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with malicious script payload that executes when management pages including system_data.js are viewed by administrators.

CWE	CWE-79
Vendor	edimax technology co., ltd.
Product	edimax gs-5008pl
Published	Mar 17, 2026
Last Updated	Mar 18, 2026

Stay Ahead of the Next One

Get instant alerts for edimax technology co., ltd. edimax gs-5008pl

Be the first to know when new medium vulnerabilities affecting edimax technology co., ltd. edimax gs-5008pl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

EDIMAX Technology Co., Ltd. / Edimax GS-5008PL

0 ≤ 1.00.54

References

NVD ↗ CVE.org ↗ EPSS Data ↗

edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ vulncheck.com: https://www.vulncheck.com/advisories/edimax-gs-5008pl-stored-xss-via-device-name

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.