CVE-2026-34797
Command Injection in Endian Firewall SMTP Logs CGI (Authenticated

Publication date: 2026-04-02

Last updated on: 2026-04-07

Assigner: VulnCheck

Description
Endian Firewall versions 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.
Meta Information
Published: 2026-04-02
Last Modified: 2026-04-07
Generated: 2026-05-07
AI Q&A: 2026-04-02
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
endian | firewall_community | to 3.3.25 (inc)
CWE ID | Description
CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

CVE-2026-34797 allows authenticated users to execute arbitrary OS commands, which can lead to significant impacts on confidentiality, integrity, and availability of data.

Such impacts can potentially result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

However, the provided information does not explicitly describe the direct effects of this vulnerability on compliance with these standards.


Can you explain this vulnerability to me?

CVE-2026-34797 is a high-severity vulnerability in Endian Firewall versions 3.3.25 and earlier that allows authenticated users to execute arbitrary operating system commands.

The vulnerability arises because the DATE parameter in the /cgi-bin/logs_smtp.cgi script is used to build a file path passed to a Perl open() call without proper validation.

An incomplete regular expression check fails to properly neutralize special characters, enabling command injection through the DATE parameter.


How can this vulnerability impact me?

This vulnerability can have a significant impact on the confidentiality, integrity, and availability of the affected system.

  • An attacker with low privileges and no user interaction can execute arbitrary OS commands.
  • This can lead to unauthorized access, data manipulation, or disruption of services.
  • Because the attack complexity is low, it is relatively easy for an attacker to exploit.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the /cgi-bin/logs_smtp.cgi endpoint for command injection via the DATE parameter. Since the vulnerability allows authenticated users to execute arbitrary OS commands, detection involves sending crafted requests with payloads in the DATE parameter to observe if command execution occurs.

A common approach is to send HTTP requests to the vulnerable CGI script with the DATE parameter containing command injection payloads, such as appending shell commands separated by semicolons or other command separators.

Example command using curl to test for command injection (replace USERNAME and PASSWORD with valid credentials):

  • curl -u USERNAME:PASSWORD "http://target/cgi-bin/logs_smtp.cgi?DATE=2026-04-02;id"

If the response contains output from the injected command (e.g., the output of 'id'), it indicates the presence of the vulnerability.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable /cgi-bin/logs_smtp.cgi script to trusted users only, as the vulnerability requires authentication.

Additionally, monitor and audit logs for suspicious activity involving the DATE parameter to detect exploitation attempts.

The most effective mitigation is to upgrade Endian Firewall to a version later than 3.3.25 where this vulnerability is fixed.

If an upgrade is not immediately possible, consider applying input validation or filtering on the DATE parameter to prevent command injection, or disable the vulnerable CGI script if it is not required.
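
One way to carry out the log audit described above, as an added example that is not part of the original advisory or Endian's code: it scans web access log lines for requests to /cgi-bin/logs_smtp.cgi whose decoded DATE value is anything other than a plain date. It assumes Common Log Format, that the parameter arrives in the GET query string, and that legitimate values look like the page's own YYYY-MM-DD example; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

CGI_PATH = "/cgi-bin/logs_smtp.cgi"  # endpoint named in the advisory
# Assumption: a legitimate DATE looks like the page's own example, YYYY-MM-DD.
STRICT_DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
# Assumption: Common Log Format; captures the target of the quoted request line.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')


def suspicious_date_requests(lines):
    """Return (line_no, client, user, decoded DATE) for non-date DATE values."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if url.path != CGI_PATH:
            continue
        fields = line.split()
        client, user = fields[0], fields[2]
        # Split on "&" only, so separators inside a value stay part of the value.
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            if unquote_plus(name) != "DATE":
                continue
            value = unquote_plus(raw)  # decode before matching
            # fullmatch anchors both ends, so trailing characters fail the check.
            if not STRICT_DATE.fullmatch(value):
                findings.append((line_no, client, user, value))
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - admin [02/Apr/2026:10:01:12 +0000] "GET /cgi-bin/logs_smtp.cgi?DATE=2026-04-02 HTTP/1.1" 200 5120',
    '192.0.2.44 - operator [02/Apr/2026:10:03:40 +0000] "GET /cgi-bin/logs_smtp.cgi?DATE=2026-04-02;id HTTP/1.1" 200 731',
    '192.0.2.44 - operator [02/Apr/2026:10:03:58 +0000] "GET /cgi-bin/logs_smtp.cgi?DATE=2026-04-02%3Bid HTTP/1.1" 200 731',
    '192.0.2.10 - admin [02/Apr/2026:10:05:02 +0000] "GET /cgi-bin/other.cgi?DATE=2026-04-02 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for finding in suspicious_date_requests(SAMPLE_LOG):
        print("review: line %d client=%s user=%s DATE=%r" % finding)
```

Requests that carry DATE in a POST body do not appear in an access log, so a clean result from this scan covers query-string requests only.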

