Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/routing.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
AnalysisAI
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaScript via the remark parameter in /cgi-bin/routing.cgi, which persists and executes when other users access the affected page. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting its immediate blast radius, but enables session hijacking, credential theft, or administrative impersonation within the firewall management interface.
Technical ContextAI
The vulnerability is a classic stored XSS flaw (CWE-79) where user-supplied input in the remark parameter is not properly sanitized or encoded before being stored in a backend database or session state and rendered in HTML responses. Endian Firewall's /cgi-bin/routing.cgi endpoint handles routing configuration through a web management interface; the remark field is typically intended for administrative notes but fails to strip or escape HTML/JavaScript metacharacters. An authenticated user with routing configuration privileges can inject payloads such as <script>alert('XSS')</script> or event handlers that execute in the context of other administrators viewing the routing configuration page. This affects Endian Firewall versions up to and including 3.3.25, a community-edition network security appliance commonly deployed in small-to-medium enterprise and SMB environments.
RemediationAI
Upgrade Endian Firewall to a patched version released after version 3.3.25; consult the official Endian support portal (https://help.endian.com/hc/en-us/sections/360004371358-Community) for the specific fixed version number and download instructions. As an interim workaround, restrict access to the firewall's web management interface (typically port 10443 or 443) to trusted administrator IP addresses or networks via firewall rules or network segmentation, and disable or revoke web console access for accounts that do not require active management duties. Additionally, review audit logs for stored routing remarks containing suspicious JavaScript or HTML patterns, and sanitize or remove any malicious entries manually if identified.
More in Firewall Community
View allEndian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m
Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar
Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi
Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18278
GHSA-v33w-fhcc-gvrv