CVE-2026-32841
Published: 17 March 2026
Summary
CVE-2026-32841 is a high-severity Excessive Reliance on Global Variables (CWE-1108) vulnerability in Edimax Gs-5008Pl Firmware. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 19.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires mechanisms to protect communications session authenticity and isolation, directly mitigating the global authentication flag that fails to separate authentication states across sessions.
Mandates enforcement of approved access authorizations, preventing unauthenticated attackers from gaining administrative access to the management interface via the flawed shared authentication mechanism.
Requires unique identification and authentication of organizational users prior to management interface access, countering the bypass that leverages any user's authentication for unauthorized entry.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Auth bypass in network-accessible management web interface directly enables remote exploitation for initial admin access (T1190). Post-bypass capabilities explicitly include unauthorized password changes (T1098) and firmware uploads (T1601).
NVD Description
Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling…
more
unauthorized password changes, firmware uploads, and configuration modifications.
Deeper analysisAI
CVE-2026-32841 is an authentication bypass vulnerability (CWE-1108) in Edimax GS-5008PL firmware version 1.00.54 and prior. The flaw arises from a global authentication flag mechanism in the management interface, which fails to properly isolate authentication states across sessions.
Unauthenticated network attackers can exploit the vulnerability after any legitimate user authenticates to the management interface. This allows them to bypass credentials and gain administrative access, enabling unauthorized password changes, firmware uploads, and configuration modifications. The CVSS v3.1 base score is 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high attack complexity likely due to the need for a prior user authentication.
Mitigation guidance is available in vendor resources and advisories, including the Edimax GS-5008PL product page at https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/, the Edimax SMB legacy products list at https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/, and the VulnCheck advisory at https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients. The CVE was published on 2026-03-17.
Details
- CWE(s)