CVE-2026-32841

HIGH 8.1

Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

0th

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

CWE	CWE-1108
Vendor	edimax technology co., ltd.
Product	edimax gs-5008pl
Published	Mar 17, 2026
Last Updated	Mar 18, 2026

Stay Ahead of the Next One

Get instant alerts for edimax technology co., ltd. edimax gs-5008pl

Be the first to know when new high vulnerabilities affecting edimax technology co., ltd. edimax gs-5008pl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

EDIMAX Technology Co., Ltd. / Edimax GS-5008PL

0 ≤ 1.00.54

References

NVD ↗ CVE.org ↗ EPSS Data ↗

edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ vulncheck.com: https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.