anonhaven
Ad

CVE-2026-32840

MEDIUM CVSS 4.0: 5.1 EPSS 0.03%
Updated Mar 19, 2026
Payload
Parameter Value
CVSS 5.1 (MEDIUM)
Affected Versions before 1.00.54
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Payload
Public PoC No

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_name_set.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with malicious script payload that executes when management pages including system_data.js are viewed by administrators.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Edimax Gs-5008pl_Firmware
cpe:2.3:o:edimax:gs-5008pl_firmware:*:*:*:*:*:*:*:*
 <= 1.00.54
Edimax Gs-5008pl
cpe:2.3:h:edimax:gs-5008pl:-:*:*:*:*:*:*:*

References 3

https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb…
disclosure@vulncheck.com
https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_l…
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/edimax-gs-5008pl-stored-xss-via-device-name
disclosure@vulncheck.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-32869

Payload

5.1

CVE-2026-32868

Payload

5.1

CVE-2026-32866

Payload

5.1

CVE-2026-25772

Wazuh

7.2

CVE-2026-30882

Payload

6.1