CVE-2026-34796 Endian Firewall /cgi-bin/logs_openvpn.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsopenvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34795

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logslog.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34796 Endian Firewall /cgi-bin/logs_openvpn.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsopenvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34795

Endian Firewall versions up to 3.3.25 are affected by a command injection vulnerability in the CGI endpoint /cgi-bin/logs_log.cgi, exploitable by authenticated users via the DATE parameter. The input is used to build a file path passed to a Perl open() call, with incomplete regular expression val...

CVE-2026-34795 Endian Firewall /cgi-bin/logs_log.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logslog.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34796

Endian Firewall, up to version 3.3.25, is affected by a command-injection in /cgi-bin/logs_openvpn.cgi via the DATE parameter. The root cause is incomplete regular-expression validation that allows the DATE value to be used in a Perl open() call, enabling authenticated users with low privileges a...

CVE-2026-34794

CVE-2026-34794 affects Endian Firewall versions up to 3.3.25. Authenticated users can execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The vulnerability arises because the DATE value constructs a file path that is passed to a Perl open() call, enabled by incomplete r...

CVE-2026-34794 Endian Firewall /cgi-bin/logs_ids.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34793

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsfirewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplet...

CVE-2026-34793 Endian Firewall /cgi-bin/logs_firewall.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsfirewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplet...

CVE-2026-34793

CVE-2026-34793 affects Endian Firewall versions 3.3.25 and prior. The flaw resides in the /cgi-bin/logs_firewall.cgi endpoint where the DATE parameter is used to build a file path that is then passed to a Perl open() call. Incomplete validation of the DATE parameter enables an authenticated user ...

CVE-2026-34793 Endian Firewall /cgi-bin/logs_firewall.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsfirewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplet...

CVE-2026-34791

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsproxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34791 Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsproxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34792 Endian Firewall /cgi-bin/logs_clamav.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34792

CVE-2026-34792 – Endian Firewall : Affects Endian Firewall 3.3.25 and prior. An authenticated user can execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE value builds a file path that is passed to a Perl open() call, allowing command injection due to incomp...

CVE-2026-34791

Endian Firewall versions 3.3.25 and earlier are affected by a command-injection flaw in /cgi-bin/logs_proxy.cgi through the DATE parameter. The value is used to build a file path then passed to a Perl open(), with incomplete regex validation enabling authenticated users to execute arbitrary OS co...

CVE-2026-34792

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34791 Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsproxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34792 Endian Firewall /cgi-bin/logs_clamav.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...