Lucene search
K
EndianFirewall Community

35 matches found

CVE
CVE
added 2021/02/15 6:17 p.m.51 views

CVE-2021-27201

CVE-2021-27201 affects Endian Firewall Community (EFW) 3.3.2. The vulnerability allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment. The connected sources (NVD, Red Hat, CVE listing) confirm the issue; no remediation details are provided...

8.8CVSS8.6AI score0.02606EPSS
CVE
CVE
added 2026/04/02 2:45 p.m.32 views

CVE-2026-34796

Endian Firewall, up to version 3.3.25, is affected by a command-injection in /cgi-bin/logs_openvpn.cgi via the DATE parameter. The root cause is incomplete regular-expression validation that allows the DATE value to be used in a Perl open() call, enabling authenticated users with low privileges a...

8.8CVSS6.1AI score0.01466EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.22 views

CVE-2026-34819

Endian Firewall is affected by CVE-2026-34819: versions 3.3.25 and earlier are vulnerable to stored XSS via the REMARK parameter in /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. This is ca...

6.4CVSS5.9AI score0.00179EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.17 views

CVE-2026-34791

Endian Firewall versions 3.3.25 and earlier are affected by a command-injection flaw in /cgi-bin/logs_proxy.cgi through the DATE parameter. The value is used to build a file path then passed to a Perl open(), with incomplete regex validation enabling authenticated users to execute arbitrary OS co...

8.8CVSS6.1AI score0.01272EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.17 views

CVE-2026-34794

CVE-2026-34794 affects Endian Firewall versions up to 3.3.25. Authenticated users can execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The vulnerability arises because the DATE value constructs a file path that is passed to a Perl open() call, enabled by incomplete r...

8.8CVSS6.1AI score0.01222EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.17 views

CVE-2026-34797

CVE-2026-34797 - Endian Firewall : Endian Firewall versions 3.3.25 and earlier are affected. Authenticated users can run arbitrary OS commands via the DATE parameter in /cgi-bin/logs_smtp.cgi. The value is used to build a file path passed to a Perl open() call, with incomplete regex validation en...

8.8CVSS6.1AI score0.01248EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.17 views

CVE-2026-34818

Vulnerability summary (CVE-2026-34818): Endian Firewall versions up to 3.3.25 are affected by a stored XSS in the remark parameter of /manage/dnsmasq/localdomains/. An authenticated user can inject JavaScript that is stored and executed when other users view the page. The provided documents speci...

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.16 views

CVE-2026-34799

Endian Firewall versions 3.3.25 and earlier are affected by a stored XSS in the remark field of /manage/dnsmasq/hosts/. An authenticated attacker can inject JavaScript that is stored and executed when other users view the page, enabling client-side script execution within the web UI context. The ...

6.4CVSS5.9AI score0.00168EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.16 views

CVE-2026-34816

Endian Firewall 3.3.25 and prior is affected by a stored cross-site scripting (XSS) vulnerability via the domain parameter in /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. The descrip...

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.14 views

CVE-2026-34790

Endian Firewall versions 3.3.25 and prior are affected. The vulnerability resides in /cgi-bin/backup.cgi where the remove ARCHIVE parameter is used to build a file path without sanitizing directory traversal sequences, and the path is passed to unlink(). This allows an authenticated user to delet...

8.1CVSS6AI score0.00629EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.14 views

CVE-2026-34793

CVE-2026-34793 affects Endian Firewall versions 3.3.25 and prior. The flaw resides in the /cgi-bin/logs_firewall.cgi endpoint where the DATE parameter is used to build a file path that is then passed to a Perl open() call. Incomplete validation of the DATE parameter enables an authenticated user ...

8.8CVSS6.1AI score0.01248EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.13 views

CVE-2026-34795

Endian Firewall versions up to 3.3.25 are affected by a command injection vulnerability in the CGI endpoint /cgi-bin/logs_log.cgi, exploitable by authenticated users via the DATE parameter. The input is used to build a file path passed to a Perl open() call, with incomplete regular expression val...

8.8CVSS6.1AI score0.01469EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.13 views

CVE-2026-34820

Endian Firewall

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.13 views

CVE-2026-34822

Endian Firewall prior to 3.3.25 is affected by a stored XSS in the new_cert_name parameter of /manage/ca/certificate/. An authenticated attacker can inject JavaScript that is stored and executed when other users view the page. CVE-2026-34822; exploitation details, affected versions, and remediati...

6.4CVSS5.9AI score0.00092EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.12 views

CVE-2026-34823

CVE-2026-34823 affects Endian Firewall prior to version 3.3.25. The issue is a stored XSS in the remark parameter of /manage/password/web/. An authenticated attacker can inject JavaScript that is stored and then executed when other users view the affected page. The vulnerability is confirmed by m...

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.11 views

CVE-2026-34792

CVE-2026-34792 – Endian Firewall : Affects Endian Firewall 3.3.25 and prior. An authenticated user can execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE value builds a file path that is passed to a Perl open() call, allowing command injection due to incomp...

8.8CVSS6.1AI score0.01272EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.11 views

CVE-2026-34804

Endian Firewall

6.4CVSS5.9AI score0.00168EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.11 views

CVE-2026-34807

CVE-2026-34807 affects Endian Firewall up to version 3.3.25, where a vulnerability in the remark parameter of /cgi-bin/incoming.cgi enables stored XSS. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. The provided docum...

6.4CVSS5.9AI score0.00205EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.11 views

CVE-2026-34810

Endian Firewall versions up to 3.3.25 are affected by a stored XSS in the remark parameter of /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. This is described across CVE-2026-34810 records (NVD, CV...

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.11 views

CVE-2026-34817

Endian Firewall contains a stored XSS vulnerability in versions 3.3.25 and earlier. The flaw allows an authenticated attacker to inject JavaScript via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi, which is stored and executed when other users view the affected page. CVSS metrics include ...

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.10 views

CVE-2026-34805

Endian Firewall 3.3.25 and prior is affected by a stored XSS in the remark parameter of /cgi-bin/dnat.cgi. An authenticated attacker can inject JavaScript that is stored and executed when other users view the page. No remediation details are provided in the supplied documents.

6.4CVSS5.9AI score0.00168EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.10 views

CVE-2026-34808

Vulnerability summary (CVE-2026-34808) Endian Firewall

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.10 views

CVE-2026-34809

Endian Firewall 3.3.25 and earlier are affected by a stored XSS in the remark parameter of /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored on the page and executed when other users view the affected page. Affected component: the CGI endpoint /cgi-bin/...

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.10 views

CVE-2026-34813

Endian Firewall 3.3.25 and earlier are affected by a stored XSS vulnerability in the /cgi-bin/proxyuser.cgi user parameter. An authenticated attacker can inject JavaScript that is stored and executed when other users view the affected page.

6.4CVSS5.9AI score0.00173EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.10 views

CVE-2026-34814

CVE-2026-34814 affects Endian Firewall up to version 3.3.25. The vulnerability is a stored XSS via the group parameter to /cgi-bin/proxygroup.cgi, allowing an authenticated attacker to inject JavaScript that is later executed when other users view the affected page. The reported impact includes p...

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.10 views

CVE-2026-34821

CVE-2026-34821 affects Endian Firewall up to version 3.3.25. A stored XSS flaw exists in the remark parameter of /manage/vpnauthentication/user/, allowing an authenticated attacker to inject JavaScript that is stored and executed when other users view the page. The provided sources specify affect...

6.4CVSS5.9AI score0.00157EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.9 views

CVE-2026-34800

Endian Firewall 3.3.25 and earlier is affected by a stored XSS in the NAME parameter of /cgi-bin/uplinkeditor.cgi. An authenticated attacker can inject JavaScript that is stored and executed when other users view the affected page. Impact is stored, reflected in user sessions/viewers; CVSS scores...

6.4CVSS5.9AI score0.00168EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.9 views

CVE-2026-34802

CVE-2026-34802 affects Endian Firewall

6.4CVSS5.9AI score0.00168EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.9 views

CVE-2026-34806

CVE-2026-34806 affects Endian Firewall versions 3.3.25 and earlier. The vulnerability arises from the remark parameter sent to /cgi-bin/snat.cgi, enabling an authenticated attacker to perform a stored cross-site scripting (XSS) attack by injecting arbitrary JavaScript that is later executed when ...

6.4CVSS5.9AI score0.00168EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.8 views

CVE-2026-34798

CVE-2026-34798 affects Endian Firewall,

6.4CVSS5.9AI score0.00172EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.8 views

CVE-2026-34801

CVE-2026-34801 : Endian Firewall versions 3.3.25 and earlier are affected by a stored XSS vulnerability in the remark parameter of /manage/dhcp/fixed_leases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. No exploita...

6.4CVSS5.9AI score0.00205EPSS
Web
CVE
CVE
added 2026/04/02 2:45 p.m.8 views

CVE-2026-34803

Endian Firewall versions 3.3.25 and earlier are affected by a stored XSS flaw in the name parameter of /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. Impact is limited to the described stored XSS...

6.4CVSS5.9AI score0.00168EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.8 views

CVE-2026-34812

Endian Firewall prior to 3.3.25 is affected by a stored XSS in the mimetypes parameter of /cgi-bin/proxypolicy.cgi. An authenticated user can inject JavaScript that is stored and executed when other users view the page. CVSS data from sources indicates a network-priority issue with low attack com...

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.8 views

CVE-2026-34815

Endian Firewall (affected: 3.3.25 and earlier) is vulnerable to a stored XSS via the DOMAIN parameter in /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that gets stored and executed when other users view the affected page. This is driven by the DOMAIN input ha...

6.4CVSS5.9AI score0.00138EPSS
Web
CVE
CVE
added 2026/04/02 2:46 p.m.7 views

CVE-2026-34811

The CVE concerns Endian Firewall (version 3.3.25 and earlier) where the remark parameter of /cgi-bin/xtaccess.cgi allows stored XSS. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. Public disclosures from NVD and CVE r...

6.4CVSS5.9AI score0.00138EPSS
Web