Description
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.
Published: 2026-04-02
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

The vulnerability allows an authenticated user to execute arbitrary operating‑system commands by manipulating the DATE parameter in /cgi-bin/logs_proxy.cgi. The input is incorporated into a file path used by a Perl open() call; a faulty regular expression fails to filter malicious content, leading to command injection. This weakness can compromise the confidentiality, integrity, and availability of the affected system, enabling an attacker to execute arbitrary code with the privileges of the web service account.

Affected Systems

Endian Firewall systems, including community and commercial editions, are affected. Versions up to and including 3.3.25, as well as earlier releases 2.1.2 and 2.4, are vulnerable. The issue affects all builds covered by the listed CPEs.

Risk and Exploitability

The CVSS v4.0 score of 8.7 indicates high severity (the v3.1 score listed in the metrics is 8.8). EPSS indicates a low but non‑zero probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog, suggesting that it has not yet seen widespread exploitation in the wild. Exploitation requires authenticated access to the web interface: the attacker must log in with valid credentials, then submit a crafted DATE value to trigger the injection. While not a zero‑day, the high impact makes it a priority for remediation even though authentication is required.

Generated by OpenCVE AI on April 7, 2026 at 20:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Endian Firewall to the latest released version that includes a fix for the /cgi-bin/logs_proxy.cgi command injection.
  • Restrict web‑interface access to trusted internal networks and enforce strong, periodically rotated credentials for all authenticated users.
  • Enable logging of CGI parameters and monitor the logs for anomalous command execution to detect exploitation attempts.
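
A minimal log check for the monitoring recommendation above, added here as an example (it is not OpenCVE's or Endian's code). It assumes CGI parameters are logged in the request line of a combined-format access log and that a legitimate DATE value is YYYY-MM-DD; the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

CGI_PATH = "/cgi-bin/logs_proxy.cgi"  # endpoint named in the advisory
# Assumption: a legitimate DATE is YYYY-MM-DD; adjust to what your UI sends.
STRICT_DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

def suspicious_date_requests(log_lines):
    """Return (line_number, decoded DATE) for every request to CGI_PATH
    whose DATE parameter is not exactly a plain date."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != CGI_PATH:
            continue
        # parse_qs percent-decodes, so encoded characters are inspected too.
        for value in parse_qs(url.query, keep_blank_values=True).get("DATE", []):
            # fullmatch, not a "$"-anchored match: "$" accepts a trailing newline.
            if not STRICT_DATE.fullmatch(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - admin [07/Apr/2026:10:00:01 +0000] "GET /cgi-bin/logs_proxy.cgi?DATE=2026-04-01 HTTP/1.1" 200 5120',
    '10.0.0.9 - user1 [07/Apr/2026:10:02:13 +0000] "GET /cgi-bin/logs_proxy.cgi?DATE=2026-04-01%0A HTTP/1.1" 200 310',
    '10.0.0.9 - user1 [07/Apr/2026:10:02:40 +0000] "GET /cgi-bin/logs_proxy.cgi?DATE=2026-04-01-EXTRA HTTP/1.1" 200 310',
    '10.0.0.5 - admin [07/Apr/2026:10:03:00 +0000] "GET /cgi-bin/other.cgi?DATE=not-a-date HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_date_requests(SAMPLE_LOG):
        print(f"line {number}: unexpected DATE value {value!r}")
```

The allowlist approach flags anything that is not an exact date instead of trying to enumerate dangerous characters, which is the same principle a complete server-side validation of DATE would follow.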


Advisories

No advisories yet.

History

Tue, 07 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Endian firewall Community
CPEs | | cpe:2.3:a:endian:firewall_community:*:*:*:*:*:*:*:*
Vendors & Products | | Endian firewall Community

Thu, 02 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.
Title | | Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection
First Time appeared | | Endian; Endian firewall
Weaknesses | | CWE-78
CPEs | | cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*; cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*; cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*
Vendors & Products | | Endian; Endian firewall
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-04-03T03:55:34.828Z
Reserved: 2026-03-30T20:26:18.724Z
Link: CVE-2026-34791

Vulnrichment

Updated: 2026-04-02T18:40:40.865Z

NVD

Status: Analyzed
Published: 2026-04-02T15:16:42.780
Modified: 2026-04-07T14:39:06.247
Link: CVE-2026-34791

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:56:15Z

Weaknesses