Stored Cross-Site Scripting in Edimax GS-5008PL Firmware
CVE-2026-32840

5.1MEDIUM

Key Information:

Vendor

Edimax Technology Co., Ltd.

Status
Edimax Gs-5008pl
Vendor
CVE Published:
17 March 2026

What is CVE-2026-32840?

The firmware of the Edimax GS-5008PL device exposes a stored cross-site scripting vulnerability due to improper handling of the sysName parameter in the system_name_set.cgi script. This vulnerability allows attackers to send crafted POST requests containing malicious script payloads that can be executed in the context of the administrator's session when viewing certain management pages, such as system_data.js. Exploiting this vulnerability can lead to unauthorized actions on the device, potentially compromising sensitive information.

Affected Version(s)

Edimax GS-5008PL 0 <= 1.00.54

References

https://www.edimax.com/edimax/merchandise/merchandise_det...
product
https://www.edimax.com/edimax/merchandise/merchandise_lis...
product
https://www.vulncheck.com/advisories/edimax-gs-5008pl-sto...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
.