Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_log.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.
AnalysisAI
Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to execute arbitrary OS commands via command injection in the DATE parameter of /cgi-bin/logs_log.cgi. The vulnerability stems from incomplete regular expression validation in Perl open() file path handling. No public exploit identified at time of analysis, though CVSS 8.7 severity reflects high potential impact across confidentiality, integrity, and availability. EPSS data not provided; exploitation requires network access with low-privilege authentication but no user interaction.
Technical ContextAI
This vulnerability exploits unsafe handling of user-controlled input in Perl's open() function within Endian Firewall's CGI-based web management interface. The logs_log.cgi script accepts a DATE parameter intended for constructing file paths to access log files. However, the regular expression validation is insufficiently restrictive, allowing metacharacters to be injected. In Perl, the two-argument form of open() interprets pipe characters and shell metacharacters as commands rather than literal filename components. This CWE-78 OS Command Injection vulnerability occurs when the application fails to properly neutralize special elements before incorporating user input into system command execution paths. The affected component is part of Endian Firewall's logging interface, which runs with elevated privileges necessary for system log access, amplifying the impact of successful exploitation.
RemediationAI
Organizations running affected Endian Firewall versions should immediately apply vendor-released patches when available by monitoring the official Endian Community support portal at https://help.endian.com/hc/en-us/sections/360004371358-Community for security updates addressing CVE-2026-34795. Upstream fix availability not independently confirmed from available data; consult vendor advisories for patched version numbers. As interim mitigations until patching, restrict network access to the web management interface using firewall rules to allow only trusted administrator IP addresses, disable remote management access if not operationally required, enforce strong authentication policies including multi-factor authentication for administrative accounts, and implement network segmentation to limit the impact of potential compromise. Review all user accounts with access to the web interface and remove or demote unnecessary privileges following least-privilege principles. Monitor system logs for suspicious command execution patterns or unexpected access to /cgi-bin/logs_log.cgi with unusual DATE parameter values. Consider deploying web application firewall rules to block requests containing shell metacharacters in the DATE parameter as a temporary control, though this should not replace patching.
More in Firewall Community
View allEndian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m
Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar
Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18272
GHSA-89fh-vj32-9xrm