CVE-2026-32841
Modified
Modified - Updated After Analysis
Authentication Bypass in Edimax GS-5008PL Enables Admin Access
Vulnerability report for CVE-2026-32841, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-17
Last updated on: 2026-05-26
Assigner: VulnCheck
Description
Description
Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edimax | gs-5008pl_firmware | to 1.00.54 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1108 | The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context. |