Edimax Gs 5008pl
Monthly
A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
Cross-site request forgery in Edimax GS-5008PL firmware version 1.00.54 and earlier allows unauthenticated remote attackers to trick administrators into performing unauthorized actions such as password changes, firmware uploads, device reboots, factory resets, and network configuration modifications by visiting attacker-controlled websites. The vulnerability exists due to missing CSRF token validation and insufficient request integrity checks. No patch is currently available for affected devices.
Stored cross-site scripting in Edimax GS-5008PL firmware version 1.00.54 and earlier allows authenticated attackers to inject malicious scripts through the sysName parameter in system_name_set.cgi, which execute when administrators access management pages. An attacker with login credentials can craft a POST request to persistently inject arbitrary JavaScript that compromises administrative sessions and enables unauthorized actions within the device management interface.
CVE-2026-32842 is a security vulnerability (CVSS 6.5) that allows attackers. Remediation should follow standard vulnerability management procedures.
Edimax GS-5008PL switches running firmware 1.00.54 and earlier contain an authentication bypass in the management interface that allows unauthenticated remote attackers to gain administrative access by exploiting a flawed global authentication flag mechanism. Once bypassed, attackers can modify administrator credentials, upload malicious firmware, and alter device configurations without any authentication required. No patch is currently available for this high-severity vulnerability.
A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
Cross-site request forgery in Edimax GS-5008PL firmware version 1.00.54 and earlier allows unauthenticated remote attackers to trick administrators into performing unauthorized actions such as password changes, firmware uploads, device reboots, factory resets, and network configuration modifications by visiting attacker-controlled websites. The vulnerability exists due to missing CSRF token validation and insufficient request integrity checks. No patch is currently available for affected devices.
Stored cross-site scripting in Edimax GS-5008PL firmware version 1.00.54 and earlier allows authenticated attackers to inject malicious scripts through the sysName parameter in system_name_set.cgi, which execute when administrators access management pages. An attacker with login credentials can craft a POST request to persistently inject arbitrary JavaScript that compromises administrative sessions and enables unauthorized actions within the device management interface.
CVE-2026-32842 is a security vulnerability (CVSS 6.5) that allows attackers. Remediation should follow standard vulnerability management procedures.
Edimax GS-5008PL switches running firmware 1.00.54 and earlier contain an authentication bypass in the management interface that allows unauthenticated remote attackers to gain administrative access by exploiting a flawed global authentication flag mechanism. Once bypassed, attackers can modify administrator credentials, upload malicious firmware, and alter device configurations without any authentication required. No patch is currently available for this high-severity vulnerability.