CVE-2026-32840 MEDIUM

CVE-2026-32840: Edimax GS-5008PL <= 1.00.54 Stored XSS via Device Name

Vendor Edimax Technology Co., Ltd.
Product Edimax GS-5008PL
Weakness CWE-79 · XSS
Published March 17, 2026
Last update May 8, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_name_set.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with malicious script payload that executes when management pages including system_data.js are viewed by administrators.

Key dates

02Disclosure timeline

March 17, 2026 CVE published
May 8, 2026 Record updated

Related vulnerabilities

04Related CVE