Executive Summary

CVE-2026-34808 is a stored Cross-Site Scripting (XSS) vulnerability found in Endian Firewall versions 3.3.25 and earlier. It occurs in the /cgi-bin/outgoingfw.cgi script through the "remark" parameter.

An authenticated attacker can inject arbitrary JavaScript code into this parameter. This malicious code is stored on the server and executed when other users view the affected page, potentially compromising their security.

This vulnerability is classified under CWE-79, which relates to improper neutralization of input during web page generation.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an authenticated attacker to inject and store malicious JavaScript code that executes in the browsers of other users viewing the affected page.

• It can lead to unauthorized actions performed on behalf of users, such as stealing session cookies or credentials.
• It may result in data theft, user impersonation, or other malicious activities that compromise confidentiality and integrity.

The CVSS v4 base score of 5.1 indicates a medium severity with low attack complexity but requiring authentication.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking for the presence of the stored cross-site scripting (XSS) payload in the remark parameter of the /cgi-bin/outgoingfw.cgi script on Endian Firewall versions 3.3.25 and earlier.

Since the vulnerability requires authentication, detection involves verifying if arbitrary JavaScript code has been injected and stored via the remark parameter.

A practical approach is to perform authenticated requests to the /cgi-bin/outgoingfw.cgi endpoint and inspect the remark parameter for suspicious JavaScript code.

• Use curl or similar tools to send authenticated GET or POST requests to /cgi-bin/outgoingfw.cgi and analyze the response for injected scripts.
• Example command to fetch the page (replace USER, PASSWORD, and URL accordingly):
• curl -u USER:PASSWORD "http://<firewall-ip>/cgi-bin/outgoingfw.cgi" | grep -i remark
• Review the output for any embedded JavaScript code or suspicious script tags.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, ensure that only trusted and authenticated users have access to the Endian Firewall management interface.

Limit user privileges to reduce the risk of an attacker injecting malicious JavaScript via the remark parameter.

Monitor and sanitize inputs to the remark parameter to prevent injection of arbitrary scripts.

Apply any available patches or updates from Endian Firewall that address this stored XSS vulnerability.

If patching is not immediately possible, consider restricting access to the /cgi-bin/outgoingfw.cgi endpoint or disabling the affected functionality temporarily.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify how CVE-2026-34808 affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0