CVE-2026-34796
Command Injection in Endian Firewall Logs_OpenVPN CGI Module
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | up to and including 3.3.25 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34796 is a high-severity OS command injection vulnerability in Endian Firewall versions 3.3.25 and earlier.
The vulnerability exists in the /cgi-bin/logs_openvpn.cgi script, specifically in how it handles the DATE parameter.
Authenticated users can exploit this flaw by injecting arbitrary operating system commands through the DATE parameter.
This happens because the DATE parameter is used to build a file path that is passed to a Perl open() call, but the regular expression validation of this parameter is incomplete, allowing command injection.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-34796 allows authenticated users to execute arbitrary OS commands on affected Endian Firewall systems, which can lead to unauthorized access, modification, or disruption of sensitive data and system availability.
Such impacts on confidentiality, integrity, and availability can result in non-compliance with common standards and regulations like GDPR and HIPAA, which mandate strict protections for personal and health-related data.
Exploitation of this vulnerability could lead to data breaches or service disruptions, potentially causing violations of these regulatory requirements.
How can this vulnerability impact me?
This vulnerability can have a high impact on the affected system's confidentiality, integrity, and availability.
An attacker with valid authentication can execute arbitrary OS commands remotely, potentially leading to unauthorized access, data compromise, or disruption of services.
The attack requires low privileges and no user interaction, making it easier to exploit over a network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or unauthorized requests to the /cgi-bin/logs_openvpn.cgi endpoint, specifically those containing suspicious values in the DATE parameter that may indicate command injection attempts.
Since the vulnerability involves command injection via the DATE parameter, you can look for HTTP requests with unusual characters or command syntax in this parameter.
- Use network monitoring tools or web server logs to filter requests to /cgi-bin/logs_openvpn.cgi and inspect the DATE parameter.
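- Example command to search web server logs for suspicious DATE parameter usage (assuming Apache logs; the pattern is single-quoted so the shell does not expand `$()`, and it only inspects the DATE value itself, not the `&` that separates parameters):
  - grep "/cgi-bin/logs_openvpn.cgi" /var/log/apache2/access.log | grep -E 'DATE=[^&[:space:]]*[;|$()]'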
- Use intrusion detection systems (IDS) or web application firewalls (WAF) to detect command injection patterns targeting the DATE parameter.
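The log search described above, as an added example that is not part of the original page: a Python scan that percent-decodes the DATE value before checking it, so encoded metacharacters such as `%3B` are caught as well. The log lines, the date format, the character list and the function names are constructed for illustration and assume Apache common log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/cgi-bin/logs_openvpn.cgi"
# Characters with special meaning to a shell (assumed list, extend as needed).
SUSPICIOUS = re.compile(r"[;&|$()`<>\\\r\n]")
# Request line inside an Apache log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_date_values(line):
    """Return decoded DATE values in one log line that contain metacharacters."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if url.path != ENDPOINT:
        return []
    # parse_qs percent-decodes each value, so %3B and %7C are seen as ; and |
    values = parse_qs(url.query, keep_blank_values=True).get("DATE", [])
    return [v for v in values if SUSPICIOUS.search(v)]

def scan(lines):
    """Return (line number, client address, decoded DATE value) for each hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for value in suspicious_date_values(line):
            hits.append((n, line.split(" ", 1)[0], value))
    return hits

# Constructed sample entries (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - admin [02/Apr/2026:10:00:01 +0000] '
    '"GET /cgi-bin/logs_openvpn.cgi?DATE=2026-04-01 HTTP/1.1" 200 5120',
    '192.0.2.10 - admin [02/Apr/2026:10:00:09 +0000] '
    '"GET /cgi-bin/logs_openvpn.cgi?DATE=2026-04-01%3BEXAMPLE HTTP/1.1" 200 512',
    '198.51.100.7 - admin [02/Apr/2026:10:01:30 +0000] '
    '"GET /cgi-bin/logs_openvpn.cgi?DATE=$(EXAMPLE)&x=1 HTTP/1.1" 200 512',
    '192.0.2.10 - admin [02/Apr/2026:10:02:00 +0000] '
    '"GET /cgi-bin/other.cgi?DATE=a%7Cb HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, client, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: client {client} sent DATE={value!r}")
```

Access logs record only the request line, so a DATE value submitted in a POST body will not appear there; inspecting those requests needs a WAF, IDS or reverse proxy that sees the body.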
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable /cgi-bin/logs_openvpn.cgi script to trusted authenticated users only.
Apply input validation or filtering on the DATE parameter to prevent command injection attempts.
If possible, upgrade Endian Firewall to a version later than 3.3.25 where this vulnerability is fixed.
As a temporary measure, consider disabling or restricting the CGI script until a patch or update is applied.