CVE-2026-32841HIGH 8.1EPSS p43.8%

CVE-2026-32841CVE-2026-32841

Description

Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.60% probability of exploitation · percentile 43.8% · 2026-06-19T12:03:05Z
Published2026-03-17
Last modified2026-05-26

Underlying weaknesses· 1

CWE-1108

References

  1. https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/
  2. https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/
  3. https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients

1

TypeTargetConfidenceTier
WeaknessExcessive Reliance on Global Variablescwe-11080%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-44083
CVE
CVE-2026-27507
CVE
CVE-2026-0407
CVE
CVE-2025-52689
CVE
CVE-2026-10163
CVE
CVE-2026-0415
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.