Description
Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and request validation to change passwords, upload firmware, reboot the device, perform factory resets, or modify network configurations.
Published: 2026-03-17
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized administrative actions via CSRF
Action: Apply Patch
AI Analysis

Impact

Edimax GS‑5008PL switches running firmware 1.00.54 or earlier contain a cross‑site request forgery flaw that lets a remote attacker induce a logged‑in administrator to visit a malicious page and perform unauthorized administrative actions such as changing passwords, uploading firmware, rebooting, performing factory resets, or modifying network configuration. The weakness exists because the device’s management CGI endpoints accept requests without anti‑CSRF tokens or request validation.

Affected Systems

Affected devices are Edimax Technology Co., Ltd. Edimax GS‑5008PL switches with firmware version 1.00.54 or earlier.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood that this vulnerability is actively exploited. It is not listed in CISA’s KEV catalog. Exploitation requires a victim administrator to visit a crafted web page, so the attack vector requires remote user interaction and social engineering.

Generated by OpenCVE AI on March 19, 2026 at 16:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the switch firmware to a version newer than 1.00.54 if an update is available from the vendor.
  • Disable remote management or restrict access to trusted internal networks to limit the attack surface.
  • Configure the device to require HTTPS for all administrative sessions and enforce strong, unique passwords.
  • Monitor device logs and network traffic for signs of abnormal administrative activity.

Generated by OpenCVE AI on March 19, 2026 at 16:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Edimax
Edimax gs-5008pl
Edimax gs-5008pl Firmware
CPEs cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:*
cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*:*
Vendors & Products Edimax
Edimax gs-5008pl
Edimax gs-5008pl Firmware

Wed, 18 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Edimax Technology
Edimax Technology edimax Gs-5008pl
Vendors & Products Edimax Technology
Edimax Technology edimax Gs-5008pl

Tue, 17 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Tue, 17 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
Description Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and request validation to change passwords, upload firmware, reboot the device, perform factory resets, or modify network configurations.
Title Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints
Weaknesses CWE-352
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Edimax Gs-5008pl Gs-5008pl Firmware
Edimax Technology Edimax Gs-5008pl
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-18T20:10:22.877Z

Reserved: 2026-03-16T18:11:41.757Z

Link: CVE-2026-32839

cve-icon Vulnrichment

Updated: 2026-03-18T20:10:19.695Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-17T22:16:14.673

Modified: 2026-03-19T14:06:11.243

Link: CVE-2026-32839

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:54:34Z

Weaknesses