CVE-2026-32841
Published: 17 March 2026
Summary
CVE-2026-32841 is a critical-severity Excessive Reliance on Global Variables (CWE-1108) vulnerability in Edimax Gs-5008Pl Firmware. Its CVSS base score is 9.2 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
CVE-2026-32841 is an authentication bypass vulnerability (CWE-1108) in Edimax GS-5008PL firmware version 1.00.54 and prior. The flaw arises from a global authentication flag mechanism in the management interface, which fails to properly isolate authentication states across sessions.
Unauthenticated network attackers can exploit the vulnerability after any legitimate user authenticates to the management interface. This allows them to bypass credentials and gain administrative access, enabling unauthorized password changes, firmware uploads, and configuration modifications. The CVSS v3.1 base score is 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high attack complexity likely due to the need for a prior user authentication.
Mitigation guidance is available in vendor resources and advisories, including the Edimax GS-5008PL product page at https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/, the Edimax SMB legacy products list at https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/, and the VulnCheck advisory at https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients. The CVE was published on 2026-03-17.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12653
Vulnerability details
Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling…
more
unauthorized password changes, firmware uploads, and configuration modifications.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Auth bypass in network-accessible management web interface directly enables remote exploitation for initial admin access (T1190). Post-bypass capabilities explicitly include unauthorized password changes (T1098) and firmware uploads (T1601).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces authenticated access decisions on the management interface, blocking the global authentication flag bypass that grants admin rights without per-session credentials.
Requires unique identification and authentication for each organizational user session before granting management interface access, preventing the shared global flag from allowing unauthenticated entry.
Protects session authenticity to ensure authentication state is bound to individual sessions rather than a global flag shared across clients.