CVE-2026-32841 - Vulnerability Details

- Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients

Description

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

Published: 2026-03-17

Score: 9.2 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Edimax GS‑5008PL firmware version 1.00.54 and prior contain an authentication bypass (CWE‑1108) that lets an unauthenticated attacker hijack the global authentication flag after any user logs in, granting full administrative control. This enables unauthorized password changes, firmware uploads, and configuration modifications, effectively allowing an attacker to obtain complete control over the device and potentially pivot to other network assets.

Affected Systems

Affected products are the Edimax GS‑5008PL switch from EDIMAX Technology Co., Ltd. Firmware versions 1.00.54 and earlier are vulnerable. The CPE identifiers for affected devices are cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:* and cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*.

Risk and Exploitability

The CVSS score of 9.2 indicates a critical severity, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to access the management interface, which can be done remotely via the default web UI. Once accessed, the attacker can manipulate the device as if they had authenticated credentials.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

EDIMAX Technology Co., Ltd.

Edimax GS-5008PL

unknown

Version	Status	Constraints
`0`	affected	≤ 1.00.54

Configuration 1 [-]

AND

cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Edimax Technology

Edimax Gs-5008pl

100%

Version	Status	Scheme	Platform
`[0,1.00.54]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the switch firmware to the latest version (greater than 1.00.54).
If an upgrade cannot be performed immediately, restrict external access to the management interface to trusted internal networks or a VPN only.
Change default credentials and enable strong authentication or two‑factor authentication if supported.
Continuously monitor the device logs for unauthorized configuration changes or login attempts.

Generated by OpenCVE AI on March 19, 2026 at 16:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00044.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/
https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients

History

Thu, 19 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Edimax Edimax gs-5008pl Edimax gs-5008pl Firmware
CPEs		cpe:2.3:h:edimax:gs-5008pl:-:::::::* cpe:2.3:o:edimax:gs-5008pl_firmware::::::::
Vendors & Products		Edimax Edimax gs-5008pl Edimax gs-5008pl Firmware

Wed, 18 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 18 Mar 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Edimax Technology Edimax Technology edimax Gs-5008pl
Vendors & Products		Edimax Technology Edimax Technology edimax Gs-5008pl

Tue, 17 Mar 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Tue, 17 Mar 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.
Title		Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients
Weaknesses		CWE-1108
References		https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/ https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/ https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients
Metrics		cvssV4_0 `{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Edimax Gs-5008pl Gs-5008pl Firmware

Edimax Technology Edimax Gs-5008pl

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-03-17T21:41:28.349Z

Updated: 2026-03-18T19:58:27.534Z

Reserved: 2026-03-16T18:11:41.758Z

Link: CVE-2026-32841

Vulnrichment

Updated: 2026-03-18T19:58:23.504Z

NVD

Status : Analyzed

Published: 2026-03-17T22:16:15.043

Modified: 2026-03-19T14:03:08.037

Link: CVE-2026-32841

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:54:36Z

Weaknesses

CWE-1108

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object