CVE-2026-32841
Modified Modified - Updated After Analysis
Authentication Bypass in Edimax GS-5008PL Enables Admin Access

Publication date: 2026-03-17

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-17
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-03-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32841
EUVD
EUVD-2026-12653
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
edimax gs-5008pl_firmware to 1.00.54 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1108 The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Edimax GS-5008PL firmware version 1.00.54 and earlier contains an authentication bypass vulnerability. This flaw allows attackers who are not authenticated to access the device's management interface. Specifically, attackers can exploit a global authentication flag mechanism that, once any user has authenticated, lets them gain administrative access without needing credentials.

This unauthorized access enables attackers to change passwords, upload new firmware, and modify device configurations.

Impact Analysis

This vulnerability can have serious impacts as it allows unauthorized individuals to gain full administrative control over the affected device.

  • Attackers can change device passwords, potentially locking out legitimate users.
  • They can upload malicious firmware, which could compromise the device's integrity and security.
  • Configuration settings can be altered, potentially disrupting network operations or creating backdoors.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32841. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart