CVE-2026-32839 PUBLISHED

Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

Assigner: VulnCheck
Reserved: 16.03.2026 Published: 17.03.2026 Updated: 17.03.2026

Edimax GS-5008PL firmware versions 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Because the management CGI endpoints lack anti-CSRF tokens and request validation, attackers can change passwords, upload firmware, reboot the device, perform factory resets, or modify network configurations.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score: 5.1

Product Status

Vendor EDIMAX Technology Co., Ltd.
Product Edimax GS-5008PL
Versions Default: unknown
  • affected from 0 to 1.00.54 (incl.)

Credits

  • Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. (finder)

Problem Types

  • CWE-352: Cross-Site Request Forgery (CSRF)