Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

Advisories

Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

severity: medium
date: 3/17/2026
Affecting: Edimax GS-5008PL firmware versions <= 1.00.54
This product is classified as a Legacy model
CVE: CVE-2026-32839
CWE: CWE-352 Cross-Site Request Forgery (CSRF)
CVSS: 5.1
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
References: SMB Legacy Switches Product Page
SMB Legacy Products List
Credit: Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
Description: Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and request validation to change passwords, upload firmware, reboot the device, perform factory resets, or modify network configurations.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo