Platform
linux
Component
endian-firewall
Fixed in
3.3.26
CVE-2026-34790 describes a Directory Traversal vulnerability discovered in Endian Firewall. This flaw allows authenticated users to delete arbitrary files on the system by manipulating the 'remove ARCHIVE' parameter in the /cgi-bin/backup.cgi script. The vulnerability impacts Endian Firewall versions 3.3.25 and earlier, and a patch is available to address the issue.
The impact of this vulnerability is significant due to the potential for complete system compromise. Successful exploitation allows an authenticated attacker to delete critical system files, potentially rendering the firewall inoperable or causing data loss. The ability to delete arbitrary files bypasses standard access controls, enabling an attacker to target configuration files, logs, or even core operating system components. While requiring authentication, the ease of exploitation makes it a high-priority concern for organizations relying on Endian Firewall for network security.
CVE-2026-34790 was publicly disclosed on 2026-04-02. No public proof-of-concept (POC) code has been released at the time of writing, but the vulnerability's simplicity suggests it could be easily exploited. It is not currently listed on the CISA KEV catalog. The EPSS score is likely to be medium, given the authentication requirement and the potential for significant impact.
Organizations heavily reliant on Endian Firewall for network security are at significant risk. Specifically, deployments with weak authentication practices or those using default configurations are more vulnerable. Shared hosting environments utilizing Endian Firewall also face increased exposure due to the potential for cross-tenant attacks.
• linux / server:
journalctl -u endian-firewall -g 'backup.cgi' | grep -i 'unlink'
• linux / server:
ps aux | grep -i '/cgi-bin/backup.cgi'
• generic web:
Use curl to test the /cgi-bin/backup.cgi endpoint with various directory traversal payloads in the 'remove ARCHIVE' parameter (e.g., ../../etc/passwd).
disclosure
Exploit status
EPSS
0.16% (36th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-34790 is to upgrade Endian Firewall to a version patched against this vulnerability. Consult the Endian Firewall vendor advisory for the specific patched version. If immediate patching is not feasible, restrict access to the /cgi-bin/backup.cgi endpoint to trusted users only. Implement a Web Application Firewall (WAF) rule to filter out directory traversal sequences (e.g., '../') in the 'remove ARCHIVE' parameter. Regularly monitor system logs for suspicious file deletion activity.
Upgrade Endian Firewall to a version later than 3.3.25. This fixes the directory traversal vulnerability in the ARCHIVE parameter when deleting files.
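The input check behind the filtering advice above, as an added example in Python (not Endian's code and not from the original page): it shows why joining a backup directory with an unchecked archive name leaves that directory, next to a validator that accepts only plain file names resolving inside it. The directory layout, the name pattern and all function names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: archive names are plain file names, e.g. "backup-20260401.tar.gz".
ARCHIVE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

def naive_target(backup_dir, archive):
    """Path a handler would unlink if it only joined the two strings."""
    return os.path.normpath(os.path.join(backup_dir, archive))

def resolve_archive(backup_dir, archive):
    """Return the real path of `archive` inside `backup_dir`, or None if rejected."""
    if not ARCHIVE_NAME.fullmatch(archive):
        return None  # separators, "..", empty and absolute values all fail here
    root = os.path.realpath(backup_dir)
    candidate = os.path.realpath(os.path.join(root, archive))
    # Defence in depth: the resolved file must sit directly in the backup directory.
    if os.path.dirname(candidate) != root:
        return None
    return candidate

def remove_archive(backup_dir, archive):
    """Delete one backup archive; return True only if a file was removed."""
    path = resolve_archive(backup_dir, archive)
    if path is None or not os.path.isfile(path):
        return False
    os.unlink(path)
    return True

def demo():
    """Run the checks in a throwaway directory tree (constructed sample data)."""
    with tempfile.TemporaryDirectory() as tmp:
        backup_dir = os.path.join(tmp, "backups")
        os.mkdir(backup_dir)
        outside = os.path.join(tmp, "settings")  # stands in for a file outside the backup dir
        archive = os.path.join(backup_dir, "backup-1.tar.gz")
        for p in (outside, archive):
            open(p, "w").close()
        return {
            "naive_escapes": naive_target(backup_dir, "../settings") == outside,
            "traversal_removed": remove_archive(backup_dir, "../settings"),
            "page_payload_removed": remove_archive(backup_dir, "../../etc/passwd"),
            "absolute_removed": remove_archive(backup_dir, "/etc/passwd"),
            "outside_survives": os.path.exists(outside),
            "archive_removed": remove_archive(backup_dir, "backup-1.tar.gz"),
        }
```

An allowlist of file-name characters rejects the value before any path is built, which is more robust than stripping '../' from the input; the resolved-path comparison then catches anything the pattern misses.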
CVE-2026-34790 is a vulnerability in Endian Firewall versions ≤3.3.25 that allows authenticated users to delete arbitrary files via directory traversal in the /cgi-bin/backup.cgi script.
If you are using Endian Firewall version 3.3.25 or earlier, you are potentially affected by this vulnerability. Check your version and upgrade if necessary.
Upgrade Endian Firewall to a patched version as recommended by the vendor. Implement temporary workarounds like restricting access to the vulnerable script if immediate upgrading isn't possible.
As of now, there are no confirmed reports of active exploitation of CVE-2026-34790, but it's crucial to apply the patch proactively.
Refer to the official Endian Firewall security advisories on their website for detailed information and patch release notes.