Description
Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences, which is then passed to an unlink() call.
Published: 2026-04-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary file deletion by authenticated users
Action: Apply Patch
AI Analysis

Impact

Authenticated users can trigger deletion of arbitrary files by exploiting directory traversal in the remove ARCHIVE parameter of /cgi-bin/backup.cgi. The application constructs a file path from the unsanitized input and calls unlink(), allowing a logged‑in user to delete any file on the firewall. This can destroy configuration data, logs, or other critical files, leading to loss of integrity and potential service disruption.
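As an added illustration (not code from Endian, VulnCheck or this record), the Python below shows the shape a defensive fix for the remove ARCHIVE handling described above would take: allowlist the raw parameter, canonicalise the resulting path, and refuse anything outside the backup directory before unlink() is ever reached. The directory, file names and parameter values are constructed for the demo.

```python
import os
import re
import tempfile

# Allowlist for the raw parameter: a bare filename, no separators, no leading dot.
ARCHIVE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def resolve_archive_path(backup_dir: str, archive_param: str) -> str:
    """Map an untrusted 'remove ARCHIVE' value to a path inside backup_dir.
    Allowlist the raw value, then check containment of the canonicalised path
    (realpath resolves '..' and symlinks). ValueError means: never unlink."""
    if not ARCHIVE_NAME.fullmatch(archive_param):
        raise ValueError("archive name contains disallowed characters")
    root = os.path.realpath(backup_dir)
    candidate = os.path.realpath(os.path.join(root, archive_param))
    # commonpath, not startswith: '/var/backups2' must not pass for '/var/backups'.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("archive path escapes the backup directory")
    return candidate


def remove_archive(backup_dir: str, archive_param: str) -> bool:
    """Validate first, unlink second; True if a file was removed."""
    path = resolve_archive_path(backup_dir, archive_param)
    if not os.path.isfile(path):
        return False
    os.unlink(path)
    return True


def demo() -> dict:
    # Constructed scenario: one real archive plus parameter values that must be refused.
    results = {}
    with tempfile.TemporaryDirectory() as root:
        backups = os.path.join(root, "backups")
        os.mkdir(backups)
        open(os.path.join(backups, "efw-2026-04-02.tar.gz"), "w").close()
        outside = os.path.join(root, "settings.conf")  # must survive every call
        open(outside, "w").close()
        for value in ("efw-2026-04-02.tar.gz", "missing.tar.gz", "../settings.conf", "a/b.tar.gz"):
            try:
                results[value] = remove_archive(backups, value)
            except ValueError:
                results[value] = "rejected"
        results["outside_intact"] = os.path.exists(outside)
    return results


if __name__ == "__main__":
    print(demo())
```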

Affected Systems

Endian Firewall versions 2.1.2, 2.4, 3.3.25 and the community edition are vulnerable. Any deployment using these firmware releases is susceptible to the flaw, regardless of size or location.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity. The EPSS score is below 1%, suggesting low exploitation likelihood so far. It is not listed in the CISA KEV catalog. As the flaw requires authentication, the attacker must first log into the firewall with a privileged account, then send a crafted request to /cgi-bin/backup.cgi containing a directory traversal sequence. Successful exploitation would allow the removal of arbitrary files, severely compromising system integrity.

Generated by OpenCVE AI on April 7, 2026 at 20:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update or security patch released by Endian for affected versions.
  • If no immediate patch is available, restrict the range of authenticated users who can access /cgi-bin/backup.cgi or disable the backup interface temporarily.
  • Monitor system logs for attempted unlink operations and file deletions to detect potential abuse.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 15:15:00 +0000

  Type                | Values Removed | Values Added
  First Time appeared |                | Endian firewall Community
  CPEs                |                | cpe:2.3:a:endian:firewall_community:*:*:*:*:*:*:*:*
  Vendors & Products  |                | Endian firewall Community

Fri, 03 Apr 2026 20:15:00 +0000

  Type                | Values Removed | Values Added
  Metrics             |                | ssvc
                                         {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 20:30:00 +0000

  Type                | Values Removed | Values Added
  First Time appeared |                | Endian Firewall
                                         Endian Firewall endian Firewall
  Vendors & Products  |                | Endian Firewall
                                         Endian Firewall endian Firewall

Thu, 02 Apr 2026 15:15:00 +0000

  Type                | Values Removed | Values Added
  Description         |                | Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences, which is then passed to an unlink() call.
  Title               |                | Endian Firewall /cgi-bin/backup.cgi remove ARCHIVE Directory Traversal
  First Time appeared |                | Endian
                                         Endian firewall
  Weaknesses          |                | CWE-22
  CPEs                |                | cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*
                                         cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*
                                         cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*
  Vendors & Products  |                | Endian
                                         Endian firewall
  References          |                |
  Metrics             |                | cvssV3_1
                                         {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}
                                         cvssV4_0
                                         {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-03T19:55:17.524Z

Reserved: 2026-03-30T20:26:18.724Z

Link: CVE-2026-34790

Vulnrichment

Updated: 2026-04-03T19:55:12.906Z

NVD

Status: Analyzed

Published: 2026-04-02T15:16:42.560

Modified: 2026-04-07T14:42:38.180

Link: CVE-2026-34790

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:56:16Z

Weaknesses