The Edimax GS-5008PL network switch running firmware version 1.00.54 and prior contains a cross-site request forgery (CSRF) vulnerability identified as CVE-2026-32839 (CWE-352). This vulnerability arises due to the absence of anti-CSRF tokens and inadequate request validation in the device's web management interface. As a result, an attacker can craft malicious web pages that, when visited by an authenticated administrator, cause the device to execute unauthorized administrative commands without the administrator's consent. These commands include changing administrative passwords, uploading new firmware images, rebooting the device, performing factory resets, and modifying network settings. The vulnerability does not require the attacker to have any privileges or prior authentication, but it does require the administrator to interact with the malicious content (user interaction). The CVSS 4.0 base score is 5.1, reflecting medium severity, with network attack vector, low attack complexity, no privileges required, but requiring user interaction. The vulnerability impacts device confidentiality, integrity, and availability by enabling full administrative control through CSRF attacks. No patches or firmware updates are currently linked, and no known exploits have been reported in the wild as of the publication date.

This vulnerability can have significant consequences for organizations deploying the Edimax GS-5008PL switches. Unauthorized administrative actions can lead to complete device takeover, allowing attackers to change passwords and lock out legitimate administrators, upload malicious firmware to implant persistent backdoors, reboot devices causing network downtime, reset configurations to disrupt network operations, or alter network settings to redirect or intercept traffic. Such control compromises the confidentiality, integrity, and availability of the network infrastructure. In environments where these switches serve critical roles, such as enterprise networks, data centers, or industrial control systems, exploitation could lead to operational disruptions, data breaches, or lateral movement within the network. The requirement for user interaction limits automated exploitation but targeted phishing or social engineering campaigns against network administrators could enable successful attacks. The absence of known exploits currently reduces immediate risk but does not eliminate the threat, especially as exploit code could be developed given the vulnerability details.

Organizations should immediately assess their deployment of Edimax GS-5008PL devices and verify firmware versions. Since no official patches are currently linked, mitigation should focus on reducing exposure: 1) Restrict access to the device's management interface to trusted networks and IP addresses only, using network segmentation and firewall rules. 2) Educate administrators to avoid visiting untrusted or suspicious web pages while logged into device management consoles. 3) Implement multi-factor authentication if supported to reduce risk from compromised credentials. 4) Monitor network traffic and device logs for unusual administrative actions or firmware uploads. 5) Consider isolating the device management interface from general user networks to prevent CSRF attack vectors. 6) Engage with Edimax for firmware updates or patches addressing this vulnerability and plan timely updates once available. 7) Employ web browser security features or extensions that block cross-site requests or scripts from untrusted origins to reduce CSRF risks. 8) Regularly back up device configurations to enable rapid recovery in case of compromise.