Authentication Bypass in Edimax GS-5008PL Switches
CVE-2026-32841

9.2CRITICAL

Key Information:

Vendor

Edimax Technology Co., Ltd.

Status
Edimax Gs-5008pl
Vendor
CVE Published:
17 March 2026

What is CVE-2026-32841?

The Edimax GS-5008PL switches are susceptible to an authentication bypass vulnerability in their firmware versions prior to 1.00.54. This flaw allows unauthenticated attackers to manipulate the global authentication flag, potentially granting them administrative access to the management interface. After any user successfully authenticates, attackers can exploit this vulnerability to change passwords, upload malicious firmware, and modify critical configurations without proper authorization, posing a significant risk to network security.

Affected Version(s)

Edimax GS-5008PL 0 <= 1.00.54

References

https://www.edimax.com/edimax/merchandise/merchandise_det...
product
https://www.edimax.com/edimax/merchandise/merchandise_lis...
product
https://www.vulncheck.com/advisories/edimax-gs-5008pl-glo...
third-party-advisory

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
.