CVE-2026-32841 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 19, 2026
Edimax GS-5008PL - Authentication Bypass
Overview
Edimax GS-5008PL firmware <= 1.00.54 contains an authentication bypass caused by exploitation of the global authentication flag mechanism, letting unauthenticated attackers gain administrative access after any user authenticates.
Severity & Score
Impact
Unauthenticated attackers can gain full administrative access, allowing password changes, firmware uploads, and configuration modifications.
Mitigation
Update to the latest firmware version.
References
- https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/
- https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/
- https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients
Social Media Activity(2 posts)
⚠️ CRITICAL: Edimax GS-5008PL (≤1.00.54) has an auth bypass flaw (CVE-2026-32841). Attackers can gain admin access with no creds after any login. Isolate devices, restrict access, monitor logs — patch ASAP when available. https://radar.offseq.com/threat/cve-2026-32841-cwe-1108-excessive-reliance-on-glob-a4b3dee3 #OffSeq #CVE202632841 #IoTSecurity
View original post
🟠 CVE-2026-32841 - High (8.1) Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain adm... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32841/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32841
- Severity
- High
- CVSS Score
- 8.1
- Type
- broken_authentication
- Status
- confirmed
- EPSS
- 9.2%
- Social Posts
- 2
CWE
- CWE-1108
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H