Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and request validation to change passwords, upload firmware, reboot the device, perform factory resets, or modify network configurations.
AnalysisAI
Cross-site request forgery in Edimax GS-5008PL firmware version 1.00.54 and earlier allows unauthenticated remote attackers to trick administrators into performing unauthorized actions such as password changes, firmware uploads, device reboots, factory resets, and network configuration modifications by visiting attacker-controlled websites. The vulnerability exists due to missing CSRF token validation and insufficient request integrity checks. No patch is currently available for affected devices.
Technical ContextAI
Cross-Site Request Forgery forces authenticated users to perform unintended actions by tricking their browser into sending forged requests. This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352).
RemediationAI
Implement anti-CSRF tokens for all state-changing operations. Use SameSite cookie attribute. Verify the Origin/Referer header on the server side.
More in Edimax Gs 5008pl
View allEdimax GS-5008PL switches running firmware 1.00.54 and earlier contain an authentication bypass in the management interf
A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
CVE-2026-32842 is a security vulnerability (CVSS 6.5) that allows attackers. Remediation should follow standard vulnerab
Stored cross-site scripting in Edimax GS-5008PL firmware version 1.00.54 and earlier allows authenticated attackers to i
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12649