Description
Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences, which is then passed to an unlink() call.
Published: 2026-04-02
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: Unauthorized file deletion
Action: Patch immediately
AI Analysis

Impact

Authenticated users can trigger the /cgi-bin/backup.cgi endpoint with a crafted remove ARCHIVE value that includes directory-traversal sequences. The input is concatenated into a file path without sanitization and passed to an unlink() system call, allowing the deletion of arbitrary files on the firewall's filesystem. This can compromise configuration, log, or system files and could disrupt firewall operation.
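To make the defect concrete, the following is an added Python illustration (not Endian's own backup.cgi code, which is not reproduced here) of the vulnerable path construction next to a hardened remove handler; the backup directory path and the archive-name allow-list are assumptions for the example.

```python
import os
import re

# Assumed backup directory for the example; the real Endian path is not on the page.
BACKUP_DIR = "/srv/backups"

# Allow-list for an archive name: plain file name, no separators, no leading dot.
ARCHIVE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def unsafe_archive_path(archive, backup_dir=BACKUP_DIR):
    """The vulnerable pattern: join user input onto the backup directory and
    hand the result straight to unlink(). '../' sequences walk out of the
    directory, and an absolute name makes os.path.join drop the base entirely."""
    return os.path.join(backup_dir, archive)


def safe_archive_path(archive, backup_dir=BACKUP_DIR):
    """Return the canonical path of an archive inside backup_dir, or None if the
    name is not a plain file name or resolves (symlinks included) outside it."""
    if not ARCHIVE_NAME.fullmatch(archive):
        return None
    base = os.path.realpath(backup_dir)
    target = os.path.realpath(os.path.join(base, archive))
    # Second line of defence behind the allow-list: the resolved target must be
    # a strict descendant of the resolved backup directory.
    if target == base or os.path.commonpath([base, target]) != base:
        return None
    return target


def remove_archive(archive, backup_dir=BACKUP_DIR):
    """Hardened remove handler: only unlink a validated path. Returns True on deletion."""
    path = safe_archive_path(archive, backup_dir)
    if path is None:
        return False
    try:
        os.unlink(path)
    except FileNotFoundError:
        return False
    return True


def demo():
    """Self-contained check against a constructed temporary layout:
    <tmp>/backups/backup.tar.gz is a legitimate archive, <tmp>/victim.txt sits
    outside the backup directory and must survive a traversal attempt."""
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        backups = os.path.join(d, "backups")
        os.mkdir(backups)
        victim = os.path.join(d, "victim.txt")
        archive = os.path.join(backups, "backup.tar.gz")
        for p in (victim, archive):
            open(p, "w").close()
        refused = remove_archive("../victim.txt", backups)
        removed = remove_archive("backup.tar.gz", backups)
        return refused, removed, os.path.exists(victim), os.path.exists(archive)
```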

Affected Systems

The flaw affects Endian Firewall products, specifically version 2.1.2, all 2.4 releases, and any release up to and including 3.3.25. Users running these or older releases should verify their version and assume the vulnerability is present.

Risk and Exploitability

The score of 7.1 indicates high severity. Exploitation requires authentication to the web interface, and the vulnerability is not listed in the known exploited vulnerabilities catalog. The likely attack path involves a web request crafted by an authenticated user to /cgi-bin/backup.cgi with a malicious remove ARCHIVE parameter, enabling arbitrary file deletion.

Generated by OpenCVE AI on April 2, 2026 at 17:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch or upgrade to a newer release that removes the flaw.
  • Restrict or disable access to the /cgi-bin/backup.cgi endpoint for users who do not need backup functionality.
  • Enforce strong authentication controls (complex passwords, account lockout) and monitor for anomalous activity on the backup interface.
  • Monitor system logs for unexpected file deletions and verify critical configuration files regularly to detect and respond to potential exploitation.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Endian Firewall; Endian Firewall endian Firewall
Vendors & Products | | Endian Firewall; Endian Firewall endian Firewall

Thu, 02 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences, which is then passed to an unlink() call.
Title | | Endian Firewall /cgi-bin/backup.cgi remove ARCHIVE Directory Traversal
First Time appeared | | Endian; Endian firewall
Weaknesses | | CWE-22
CPEs | | cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*; cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*; cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*
Vendors & Products | | Endian; Endian firewall
References | |
Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}
Metrics | | cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-02T14:45:47.375Z

Reserved: 2026-03-30T20:26:18.724Z

Link: CVE-2026-34790

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-02T15:16:42.560

Modified: 2026-04-02T15:16:42.560

Link: CVE-2026-34790

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:20:53Z

Weaknesses