Description
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
Published: 2026-04-02
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting
Action: Patch Now
AI Analysis

Impact

The vulnerability is a stored cross‑site scripting flaw in Endian Firewall’s /cgi‑bin/dnat.cgi. An authenticated attacker can give the remark parameter a malicious JavaScript payload that is stored by the system and executed whenever other users load the affected page. This allows the attacker to run arbitrary scripts in victims’ browsers, giving full access to session data, the ability to deface the interface or redirect users to malicious sites.

Affected Systems

The flaw affects Endian Firewall versions 2.1.2, 2.4, 3.3.25 and all community releases prior to 3.3.26. Any installation of these builds that exposes the /cgi‑bin/dnat.cgi endpoint to authorized users is vulnerable. The issue is present in both the commercial and community editions, so administrators should check the build number of their firewall.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate risk, and the low EPSS score (<1%) suggests that widespread exploitation is unlikely at present. However, because the attack requires authenticated access, it can be carried out by insiders or anyone who has compromised an admin account. The vulnerability is not listed in the CISA KEV catalog, so no specific exploit campaigns have been reported. Administrators should consider the risk of an attacker gaining credentials to the management interface and the potential impact of XSS on users’ security.

Generated by OpenCVE AI on April 7, 2026 at 23:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security update for Endian Firewall from the vendor’s website.
  • If an update is not yet available, limit access to the /cgi-bin/dnat.cgi endpoint to a restricted set of trusted IP addresses.
  • Monitor the management interface for unauthorized changes to the remark parameter and review browser console logs for injected scripts.

Generated by OpenCVE AI on April 7, 2026 at 23:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Endian firewall Community
CPEs cpe:2.3:a:endian:firewall_community:*:*:*:*:*:*:*:*
Vendors & Products Endian firewall Community

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Description Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
Title Endian Firewall /cgi-bin/dnat.cgi remark Stored Cross-Site Scripting
First Time appeared Endian
Endian firewall
Weaknesses CWE-79
CPEs cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*
cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*
Vendors & Products Endian
Endian firewall
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Endian Firewall Firewall Community
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-02T16:22:44.519Z

Reserved: 2026-03-30T20:26:18.725Z

Link: CVE-2026-34805

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T15:16:47.653

Modified: 2026-04-07T15:40:33.363

Link: CVE-2026-34805

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:55:58Z

Weaknesses