CVE-2026-32839

Published: Mar 17, 2026 Last Modified: Mar 17, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: active
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 4,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none

Description

AI Translation Available

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and request validation to change passwords, upload firmware, reboot the device, perform factory resets, or modify network configurations.

352

Cross-Site Request Forgery (CSRF)

Stable
Abstraction: Compound Structure: Composite
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Non-Repudiation Access Control
Potential Impacts:
Gain Privileges Or Assume Identity Bypass Protection Mechanism Read Application Data Modify Application Data Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: Web Based, Web Server
Likelihood of Exploit: Medium
View CWE Details
https://www.edimax.com/edimax/merchandise/merchandise_detai…
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb…
https://www.edimax.com/edimax/merchandise/merchandise_list/…
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_l…
https://www.vulncheck.com/advisories/edimax-gs-5008pl-csrf-…
https://www.vulncheck.com/advisories/edimax-gs-5008pl-csrf-via-management-cgi-e…