Platform
linux
Component
endian-firewall
Fixed in
3.3.26
CVE-2026-34795 is a command injection vulnerability affecting Endian Firewall versions 3.3.25 and prior. This vulnerability allows authenticated users to execute arbitrary operating system commands by manipulating the DATE parameter in the /cgi-bin/logs_log.cgi script. The incomplete validation on the DATE parameter leads to command injection via a Perl open() call. No official patch is currently available.
CVE-2026-34795 in Endian Firewall versions 3.3.25 and prior allows authenticated users to execute arbitrary operating system commands. This is achieved by manipulating the DATE parameter in the URL /cgi-bin/logs_log.cgi. Insufficient regular expression validation when processing this parameter allows for command injection. An authenticated attacker could exploit this vulnerability to gain unauthorized access to the firewall's underlying system, potentially compromising the protected network. The CVSS severity score is 8.8, indicating a high risk. Successful exploitation could result in remote code execution, modification of firewall configuration, or theft of sensitive information.
The vulnerability is exploited by sending an HTTP request to /cgi-bin/logs_log.cgi with a malicious DATE parameter. This parameter contains operating system commands embedded within a string that the firewall interprets as a filename. Due to incomplete regular expression validation, the firewall cannot properly filter these commands, allowing them to be executed. Authentication is required to exploit this vulnerability, meaning the attacker must have valid credentials to access the firewall. The complexity of exploitation is relatively low, as it does not require advanced technical skills.
Exploit Status
EPSS
0.49% (66% percentile)
CISA SSVC
CVSS Vector
Currently, there is no official fix provided by Endian for this vulnerability. The most effective mitigation is to upgrade to an Endian Firewall version later than 3.3.25 as soon as it becomes available. In the meantime, it is recommended to restrict access to the firewall's administration interface to authorized users only and with strong passwords. Monitoring the firewall logs for suspicious activity can also help detect and respond to potential attacks. Implementing proper network segmentation can limit the impact of a potential exploitation. Consider implementing an Intrusion Detection System (IDS) to identify attack patterns related to command injection.
Actualice Endian Firewall a una versión posterior a la 3.3.25. Esto solucionará la vulnerabilidad de inyección de comandos en el parámetro DATE del script logs_log.cgi.
Vulnerability analysis and critical alerts directly to your inbox.
A CVSS score of 8.8 indicates a high risk. It signifies that the vulnerability is easily exploitable and can have a significant impact on system security.
Restrict access to the administration interface, use strong passwords, and monitor firewall logs.
Currently, there are no specific tools, but an IDS can help detect attack patterns.
Any operating system command that the authenticated user has permission to execute.
KEV (Known Exploitable Vulnerability) indicates that the vulnerability has a publicly available exploit. In this case, KEV is 'no', meaning no active public exploit is known.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.