CVE-2026-32839

MEDIUM

Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

Title source: cna

Description

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and request validation to change passwords, upload firmware, reboot the device, perform factory resets, or modify network configurations.

References (3)

[Product] https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/

[Product] https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/

[Third Party Advisory] https://www.vulncheck.com/advisories/edimax-gs-5008pl-csrf-via-management-cgi-endpoints

Scores

CVSS v3 4.3

EPSS 0.0001

EPSS Percentile 1.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (2)

edimax/gs-5008pl_firmware < 1.00.54

EDIMAX Technology Co., Ltd./Edimax GS-5008PL < 1.00.54

Published Mar 17, 2026

Tracked Since Mar 18, 2026