CVE-2026-32839
MEDIUMEdimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints
Title source: cnaDescription
Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and request validation to change passwords, upload firmware, reboot the device, perform factory resets, or modify network configurations.
References (3)
Core 3
Core References
Product product
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/
Product product
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/edimax-gs-5008pl-csrf-via-management-cgi-endpoints
Scores
CVSS v3
4.3
EPSS
0.0021
EPSS Percentile
10.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (3)
edimax/gs-5008pl_firmware
< 1.00.54
EDIMAX Technology Co., Ltd./Edimax GS-5008PL
< 1.0.54
EDIMAX Technology Co., Ltd./Edimax GS-5008PL
< 1.00.54
Published
Mar 17, 2026
Tracked Since
Mar 18, 2026