Skip to main content

Firewall Community CVE-2026-34792

| EUVDEUVD-2026-18266 HIGH
OS Command Injection (CWE-78)
2026-04-02 disclosure@vulncheck.com GHSA-3pjf-h669-775r
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 02, 2026 - 15:22 euvd
EUVD-2026-18266
Analysis Generated
Apr 02, 2026 - 15:22 vuln.today
CVE Published
Apr 02, 2026 - 15:16 nvd
HIGH 8.7

DescriptionCVE.org

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.

AnalysisAI

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject arbitrary OS commands through the DATE parameter in /cgi-bin/logs_clamav.cgi. The vulnerability stems from incomplete input validation before passing user-controlled data to Perl's open() function, enabling command injection. With CVSS 8.7 (High severity) and network-based exploitation requiring only low-privilege authentication, this represents a significant post-authentication attack surface. No public exploit identified at time of analysis, though the technical details provided enable reproduction.

Technical ContextAI

This vulnerability affects Endian Firewall's Community Edition, a Linux-based network security appliance. The flaw resides in the CGI script handling ClamAV antivirus logs at /cgi-bin/logs_clamav.cgi. The vulnerable code accepts user input through the DATE parameter and constructs a file path that is passed directly to Perl's open() function without adequate sanitization. Perl's two-argument open() is notoriously dangerous because it interprets pipe characters (|) and other shell metacharacters, allowing command execution when opening files. The description indicates a regular expression validation exists but is incomplete, likely failing to block all injection vectors. This is a classic instance of CWE-78 (OS Command Injection) where unsanitized user input reaches a command execution sink. The vulnerability requires authenticated access, suggesting the CGI endpoint is behind the firewall's administrative interface rather than exposed to unauthenticated network traffic.

RemediationAI

Organizations should immediately upgrade to a patched version of Endian Firewall released after version 3.3.25 once available from the vendor. Check the Endian support portal at https://help.endian.com/hc/en-us/sections/360004371358-Community for security advisories and updated releases addressing CVE-2026-34792. Until patches are deployed, implement compensating controls including restricting administrative interface access to trusted IP ranges only, enforcing strong authentication policies with multi-factor authentication for all firewall administrators, monitoring system logs for unusual command execution patterns or access to logs_clamav.cgi, and implementing network segmentation to isolate administrative access. Review and audit all user accounts with access to the Endian Firewall web interface, removing unnecessary privileges. Consider temporarily disabling the ClamAV log viewing functionality if not operationally required. Full technical details are available in the VulnCheck advisory at https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-logs-clamav-cgi-date-perl-command-injection for security teams requiring deeper analysis for detection rule development.

CVE-2021-27201 HIGH POC
8.8 Feb 15

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m

CVE-2026-34797 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar

CVE-2026-34796 HIGH
8.7 Apr 02

Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi

CVE-2026-34795 HIGH
8.7 Apr 02

Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to

CVE-2026-34794 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co

CVE-2026-34793 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject

CVE-2026-34791 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t

CVE-2026-34790 HIGH
7.1 Apr 02

Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t

CVE-2026-34821 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary

CVE-2026-34823 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary

CVE-2026-34820 MEDIUM
5.1 Apr 02

Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS

CVE-2026-34818 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious

Share

CVE-2026-34792 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy