Description
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.
Published: 2026-04-02
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An authenticated user can supply a crafted DATE parameter to /cgi-bin/logs_proxy.cgi on Endian Firewall, which is then used directly in a Perl open() call without proper validation. This flaw allows the attacker to inject and execute arbitrary operating-system commands, giving full control over the host. The vulnerability is a classic command injection, classified as CWE-78, and can compromise the confidentiality, integrity, and availability of the firewall and any devices it protects.

Affected Systems

Endian Firewall products, specifically versions 2.1.2, 2.4, and 3.3.25 or earlier, expose the vulnerable /cgi-bin/logs_proxy.cgi endpoint to authenticated users. The flaw exists across these releases and affects all installations that allow user authentication to this CGI script.

Risk and Exploitability

The CVSS score of 8.7 reflects a high severity assessment. EPSS data is not available, and the absence from CISA's KEV list suggests no known widespread exploitation yet. The most likely attack vector is an authenticated internal or remote user sending a malicious DATE value to the CGI script, possibly automated. Because exploitation needs only legitimate credentials, the barrier to exploitation is low and the flaw poses a significant threat to environments running these firewall versions.

Generated by OpenCVE AI on April 2, 2026 at 16:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Endian Firewall to a version newer than 3.3.25 that resolves the command injection in logs_proxy.cgi.
  • Restrict access to /cgi-bin/logs_proxy.cgi by limiting the set of users who can authenticate to that endpoint.
  • Implement input sanitization or remove the vulnerable DATE parameter handling from the CGI script as a temporary workaround.
  • Monitor firewall logs for anomalous DATE values or unexpected command execution attempts and investigate promptly.
  • If neither upgrade nor access restriction is feasible, consult Endian support for further guidance and apply additional network segmentation to contain the potential impact.
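
One way to act on the monitoring recommendation above, as an added example (not OpenCVE's or Endian's code): an allow-list check of DATE values seen in web access logs for the affected endpoint. The log layout (combined-style request field), the YYYY-MM-DD date shape, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/cgi-bin/logs_proxy.cgi"  # endpoint named in the advisory
# Assumption: legitimate DATE values look like YYYY-MM-DD; adjust to your UI.
DATE_OK = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
# Assumption: combined-style request field: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def suspicious_dates(log_lines):
    """Return (line_no, decoded DATE value) for each request to ENDPOINT
    whose DATE parameter is not an exact, fully anchored date."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != ENDPOINT:
            continue
        # parse_qs percent-decodes values; keep blanks so "DATE=" is checked too.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("DATE", []):
            # fullmatch rejects any prefix/suffix, including a trailing
            # newline that a "$"-terminated pattern would let through.
            if not DATE_OK.fullmatch(value):
                hits.append((no, value))
    return hits


# Constructed sample lines (documentation IP range, placeholder values).
SAMPLE = [
    '198.51.100.7 - admin [02/Apr/2026:10:00:01 +0000] '
    '"GET /cgi-bin/logs_proxy.cgi?DATE=2026-04-01 HTTP/1.1" 200 5120',
    '198.51.100.7 - admin [02/Apr/2026:10:00:09 +0000] '
    '"GET /cgi-bin/logs_proxy.cgi?DATE=2026-04-01%0A HTTP/1.1" 200 312',
    '198.51.100.7 - admin [02/Apr/2026:10:00:15 +0000] '
    '"GET /cgi-bin/logs_proxy.cgi?DATE=2026-04-01%3BCONSTRUCTED HTTP/1.1" 200 312',
    '198.51.100.7 - admin [02/Apr/2026:10:00:20 +0000] '
    '"GET /cgi-bin/index.cgi?DATE=anything HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line_no, value in suspicious_dates(SAMPLE):
        print(f"line {line_no}: unexpected DATE value {value!r}")
```

Access logs usually record only the query string, so a DATE value submitted in a POST body will not appear here and needs a reverse proxy or WAF log that captures request bodies.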

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 02 Apr 2026 15:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.

Type: Title
Values Removed: (none)
Values Added: Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection

Type: First Time appeared
Values Removed: (none)
Values Added: Endian; Endian firewall

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-78

Type: CPEs
Values Removed: (none)
Values Added:
cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*
cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Endian; Endian firewall

Type: References
Values Removed: (none)
Values Added:

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-02T18:40:50.969Z

Reserved: 2026-03-30T20:26:18.724Z

Link: CVE-2026-34791

Vulnrichment

Updated: 2026-04-02T18:40:40.865Z

NVD

Status: Received

Published: 2026-04-02T15:16:42.780

Modified: 2026-04-02T15:16:42.780

Link: CVE-2026-34791

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:20:52Z