Platform
linux
Component
endian-firewall
Fixed in
3.3.26
CVE-2026-34791 is a command injection vulnerability affecting Endian Firewall versions 3.3.25 and prior. This vulnerability allows authenticated users to execute arbitrary operating system commands by manipulating the DATE parameter in the /cgi-bin/logs_proxy.cgi script. The incomplete validation on the DATE parameter leads to command injection. No official patch is currently available.
CVE-2026-34791 in Endian Firewall versions 3.3.25 and prior allows authenticated users to execute arbitrary OS commands. This is achieved by manipulating the DATE parameter in the /cgi-bin/logs_proxy.cgi URL. Insufficient regular expression validation when processing this parameter leads to command injection. An authenticated attacker could exploit this flaw to execute malicious code, compromising the confidentiality, integrity, and availability of the firewall and potentially gaining access to the protected network. The vulnerability's severity is rated 8.8 on the CVSS scale, indicating a high risk.
An attacker needs to have authenticated access to the Endian firewall's administration panel. Once authenticated, they can manipulate the DATE parameter in the /cgi-bin/logs_proxy.cgi URL to inject OS commands. The vulnerability lies in how the DATE parameter is used to construct a file path that is passed to a Perl open() call. The regular expression validation is inadequate, allowing an attacker to inject special characters that are interpreted as OS commands. These commands are executed with the privileges of the user running the firewall process, which could be a user with elevated privileges.
Exploit Status
EPSS
0.49% (66% percentile)
CISA SSVC
CVSS Vector
Currently, there is no official fix provided by Endian for this vulnerability. The most effective mitigation is to upgrade to an Endian firewall version later than 3.3.25 as soon as it becomes available. In the meantime, restrict access to the firewall's administration panel to authorized users and monitor system logs for suspicious activity. Implementing a least privilege policy, where users only have the permissions necessary to perform their tasks, can also help limit the impact of a potential exploitation. Consider network segmentation to isolate the firewall from other critical systems.
Actualice Endian Firewall a una versión posterior a la 3.3.25 para corregir la vulnerabilidad de inyección de comandos. Consulte la documentación de Endian para obtener instrucciones sobre cómo realizar la actualización.
Vulnerability analysis and critical alerts directly to your inbox.
It's a unique identifier for this specific vulnerability in the Endian firewall.
All versions prior to 3.3.25 are vulnerable.
Review system logs for unusual commands or suspicious activity. Look for any indication of command execution that is not related to the firewall's normal functions.
Currently, there are no specific tools available, but it is recommended to perform a vulnerability scan with generic tools and review system logs.
Immediately isolate the firewall from the network, change all user passwords, and contact Endian support for assistance.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.