CRITICAL🇵🇱 Wersja polska

CVE-2026-32841

CVSS 9.2v4.0pub. 2026-03-17upd. 2026-05-26

Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Edimax Gs 5008pl

    HW
    Edimax
    wszystkie wersje
  • Edimax Gs 5008pl Firmware

    OS
    Edimax
    ≤ 1.00.54
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-32838HIGH8.7ten sam produkt

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface withou...

CVE-2026-32842HIGH7.1ten sam produkt

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that ...

CVE-2026-32839MEDIUM5.1ten sam produkt

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that al...

CVE-2026-32840MEDIUM5.1ten sam produkt

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the...

CVE-2025-1316CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Edimax IC-7100: Command Injection umożliwiający zdalny RCE