Description
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.
Published: 2026-04-02
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an authenticated user to inject and execute arbitrary operating system commands through the DATE parameter of /cgi-bin/logs_clamav.cgi. Because the parameter is incorporated into a file path that is passed to a Perl open() call without proper validation, it permits exploitation of CWE-78. A successful payload grants full control of the underlying host, enabling data theft, modification, or destruction.

Affected Systems

The flaw exists in Endian Firewall installations up to version 3.3.25, including the 2.1.2 and 2.4 release lines. Any system running these versions and allowing authenticated Web UI access to the logs_clamav CGI script is vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity, and while EPSS data is not available, the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires local or web admin credentials; an attacker can craft a request to the CGI script with a malicious DATE value, triggering command execution on the host.

Generated by OpenCVE AI on April 2, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Endian Firewall release that removes the command‑injection bug.
  • If an upgrade cannot be applied immediately, restrict or revoke administrator accounts that have access to /cgi-bin/logs_clamav.cgi or otherwise block that CGI endpoint via the web server or firewall.
  • Verify that no untrusted input is passed to Perl open() calls in the application and that the DATE parameter undergoes strict validation.
  • Monitor system logs for unusual command execution and consider adding audit rules to detect unauthorized activity.

Generated by OpenCVE AI on April 2, 2026 at 16:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Description Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.
Title Endian Firewall /cgi-bin/logs_clamav.cgi DATE Perl Command Injection
First Time appeared Endian
Endian firewall
Weaknesses CWE-78
CPEs cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*
cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*
Vendors & Products Endian
Endian firewall
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Endian Firewall
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-02T15:47:15.879Z

Reserved: 2026-03-30T20:26:18.724Z

Link: CVE-2026-34792

cve-icon Vulnrichment

Updated: 2026-04-02T15:47:08.650Z

cve-icon NVD

Status : Received

Published: 2026-04-02T15:16:43.030

Modified: 2026-04-02T15:16:43.030

Link: CVE-2026-34792

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:20:51Z

Weaknesses