CVE-2026-32841

Sažetak

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

Reference

https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/
https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients

CVSS

Base:	8.1
Impact:	5.9
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

17-03-2026 - 22:16

Objavljeno

17-03-2026 - 22:16