{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34794", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-30T20:26:18.724Z", "datePublished": "2026-04-02T14:45:50.379Z", "dateUpdated": "2026-04-02T18:41:43.303Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-02T14:45:50.379Z"}, "title": "Endian Firewall /cgi-bin/logs_ids.cgi DATE Perl Command Injection", "descriptions": [{"lang": "en", "value": "Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation."}], "tags": ["x_open-source"], "datePublic": "2025-12-03T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)", "type": "CWE"}]}], "affected": [{"vendor": "Endian", "product": "Endian Firewall", "versions": [{"version": "3.3.25", "status": "affected", "versionType": "semver"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"operator": "OR", "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*"}]}]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "references": [{"url": "https://help.endian.com/hc/en-us/sections/360004371358-Community", "name": "Endian Release Notes", "tags": ["release-notes"]}, {"name": "VulnCheck Advisory: Endian Firewall /cgi-bin/logs_ids.cgi DATE Perl Command Injection", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-logs-ids-cgi-date-perl-command-injection"}], "credits": [{"lang": "en", "value": "Alex Williams from Pellera Technologies", "type": "finder"}, {"lang": "en", "value": "VulnCheck", "type": "coordinator"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T18:41:28.662040Z", "id": "CVE-2026-34794", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:41:43.303Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34794", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-30T20:26:18.724Z", "datePublished": "2026-04-02T14:45:50.379Z", "dateUpdated": "2026-04-02T18:41:43.303Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-02T14:45:50.379Z"}, "title": "Endian Firewall /cgi-bin/logs_ids.cgi DATE Perl Command Injection", "descriptions": [{"lang": "en", "value": "Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation."}], "tags": ["x_open-source"], "datePublic": "2025-12-03T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)", "type": "CWE"}]}], "affected": [{"vendor": "Endian", "product": "Endian Firewall", "versions": [{"version": "3.3.25", "status": "affected", "versionType": "semver"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"operator": "OR", "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*"}]}]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "references": [{"url": "https://help.endian.com/hc/en-us/sections/360004371358-Community", "name": "Endian Release Notes", "tags": ["release-notes"]}, {"name": "VulnCheck Advisory: Endian Firewall /cgi-bin/logs_ids.cgi DATE Perl Command Injection", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-logs-ids-cgi-date-perl-command-injection"}], "credits": [{"lang": "en", "value": "Alex Williams from Pellera Technologies", "type": "finder"}, {"lang": "en", "value": "VulnCheck", "type": "coordinator"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34794", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T18:41:28.662040Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:41:33.755Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation."}], "id": "CVE-2026-34794", "lastModified": "2026-04-02T15:16:44.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:44.547", "references": [{"source": "disclosure@vulncheck.com", "url": "https://help.endian.com/hc/en-us/sections/360004371358-Community"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-logs-ids-cgi-date-perl-command-injection"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.3.25"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Endian Firewall", "source": "cna", "vendor": "Endian"}, "product": "firewall", "vendor": "endian"}], "analysis": {"en": {"generated_at": "2026-04-02T16:24:10.238860+00:00", "value": {"mitigation_remediation": ["Upgrade Endian Firewall to the latest release (3.3.26 or newer).", "Restrict or disable the /cgi-bin/logs_ids.cgi endpoint for non\u2011admin users.", "Monitor HTTP requests for unexpected use of the DATE parameter and investigate anomalies."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Boards running Endian Firewall version 3.3.25 and older, including the 2.1.2, 2.4, and 3.3.25 releases, are impacted by the vulnerability in the logs_ids.cgi script. Any administrator or authenticated user of these releases can exploit the flaw.", "description_and_impact": "Authenticated users can inject arbitrary operating system commands via the DATE parameter in /cgi-bin/logs_ids.cgi. The application concatenates the parameter into a file path that is passed to a Perl open() call. A poorly constructed regular expression fails to filter malicious input, allowing the attacker to execute commands with the privileges of the web service. This results in full control of the affected firewall instance, compromising network security and device integrity.", "risk_and_exploitability": "The vulnerability receives a CVSS score of 8.7, indicating high severity. No EPSS score is published, and the flaw is not catalogued in CISA\u2019s KEV list, yet the prerequisite of an authenticated session is common in managed firewall environments, making exploitation realistic. Attackers can craft a DATE value that injects shell commands, causing the web service to execute them with full host privileges."}}}}, "created": "2026-04-02T20:12:08.790641+00:00", "updated": "2026-04-02T20:20:49.438921+00:00", "vendors": ["endian", "endian$PRODUCT$firewall"]}