CVE-2026-34798
Stored XSS in Endian Firewall Routing CGI Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-34798 is a stored cross-site scripting (XSS) vulnerability affecting Endian Firewall versions 3.3.25 and earlier. It occurs in the /cgi-bin/routing.cgi endpoint via the "remark" parameter.
An authenticated attacker can inject arbitrary JavaScript code through this parameter. This malicious code is stored on the server and executed when other users view the affected page, potentially compromising their security.
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to execute arbitrary JavaScript in the context of other users who view the affected page. This can lead to session hijacking, unauthorized actions performed on behalf of users, or theft of sensitive information accessible through the browser.
The CVSS v4 base score of 5.1 indicates a moderate severity, with low attack complexity but requiring authentication. The impact on confidentiality and integrity is limited but still significant enough to pose a security risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the stored cross-site scripting (XSS) payload in the remark parameter of the /cgi-bin/routing.cgi endpoint on Endian Firewall versions 3.3.25 and prior.
Since the vulnerability requires authentication, detection involves authenticating to the firewall and inspecting the remark parameter for suspicious or injected JavaScript code.
Commands or methods to detect this could include using curl or wget to send authenticated requests to the /cgi-bin/routing.cgi endpoint and examining the response for injected scripts.
- Use curl with authentication to fetch the routing.cgi page: curl -u username:password "http://<firewall-ip>/cgi-bin/routing.cgi" | grep -i remark
- Manually inspect the remark parameter in the response for any embedded JavaScript code.
- Alternatively, use a web proxy or browser developer tools after authenticating to monitor the remark parameter for suspicious script injections.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected /cgi-bin/routing.cgi endpoint to trusted users only, as the vulnerability requires authentication.
Ensure that only authorized personnel have authenticated access to the firewall management interface.
If possible, disable or restrict the use of the remark parameter or sanitize inputs to prevent JavaScript injection.
Monitor and remove any suspicious or injected scripts found in the remark parameter.
Plan to upgrade Endian Firewall to a version later than 3.3.25 once a patch or fix is available.