Platform
linux
Component
edimax-gs-5008pl
Opgelost in
1.0.55
CVE-2026-32839 describes a cross-site request forgery (CSRF) vulnerability present in Edimax GS-5008PL network switches. This flaw allows a remote attacker to trick authenticated administrators into unknowingly executing malicious commands, potentially gaining control of the device. The vulnerability impacts versions 1.0.0 through 1.0.54 and has been resolved in version 1.0.55.
The CSRF vulnerability in the Edimax GS-5008PL switch allows an attacker to execute arbitrary administrative actions on behalf of a logged-in user. This includes, but is not limited to, changing administrator passwords, uploading malicious firmware, rebooting the device, performing factory resets, and modifying network configurations. Successful exploitation could lead to a complete compromise of the switch, enabling the attacker to intercept network traffic, disrupt services, or use the switch as a pivot point for further attacks within the network. The lack of proper anti-CSRF protections, such as request validation or CSRF tokens, makes this vulnerability particularly dangerous.
CVE-2026-32839 was publicly disclosed on March 17, 2026. There is no indication of active exploitation or inclusion on the CISA KEV catalog at this time. Public proof-of-concept (PoC) code is currently unavailable, but the relatively simple nature of CSRF vulnerabilities suggests that PoCs may emerge. The vulnerability's impact is amplified by the widespread deployment of small business network switches like the Edimax GS-5008PL.
Small and medium-sized businesses (SMBs) that rely on Edimax GS-5008PL switches for their network infrastructure are at significant risk. Organizations with limited security expertise or those using default configurations are particularly vulnerable. Shared hosting environments where multiple customers share the same switch also pose a heightened risk, as a compromised customer could potentially exploit the vulnerability to impact other tenants.
• linux / server:
journalctl -u edimax-gs-5008pl | grep -i "csrf"• generic web:
- Monitor access logs for requests to administrative endpoints (e.g., /admin/passwordreset, /admin/firmwareupload) originating from unusual IP addresses or user agents.
- Check response headers for unexpected redirects or changes in session cookies.
- Use curl to test for CSRF vulnerabilities by crafting malicious requests and observing the switch's behavior.
disclosure
Exploit Status
EPSS
0.03% (7% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2026-32839 is to upgrade the Edimax GS-5008PL switch firmware to version 1.0.55 or later. If an immediate upgrade is not feasible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. These may include restricting administrative access to the switch from untrusted networks, implementing multi-factor authentication (MFA) for administrative accounts, and carefully reviewing any configuration changes made through the web interface. Monitoring network traffic for suspicious requests targeting the switch's administrative interface can also help detect potential exploitation attempts. After upgrading, verify the fix by attempting a CSRF attack via a crafted URL and confirming that the action is denied.
Werk de firmware van de Edimax GS-5008PL bij naar versie 1.0.55 of hoger om de CSRF-kwetsbaarheid te mitigeren. Controleer de beschikbaarheid van de update op de website van de fabrikant. Implementeer aanvullende beveiligingsmaatregelen, zoals multi-factor authenticatie, om de toegang tot de administratie te beschermen.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2026-32839 is a cross-site request forgery vulnerability affecting Edimax GS-5008PL switches, allowing attackers to perform unauthorized actions as administrators.
You are affected if your Edimax GS-5008PL switch is running version 1.0.0 through 1.0.54.
Upgrade your Edimax GS-5008PL switch firmware to version 1.0.55 or later. Consider temporary workarounds if an immediate upgrade is not possible.
There is currently no indication of active exploitation, but the vulnerability's nature suggests PoCs may emerge.
Refer to the Edimax security advisory for CVE-2026-32839 on the Edimax website (link not available at time of writing).
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.