Executive Summary

CVE-2026-34810 is a stored Cross-Site Scripting (XSS) vulnerability in Endian Firewall versions 3.3.25 and earlier. It occurs via the "remark" parameter in the /cgi-bin/vpnfw.cgi endpoint. An attacker who is authenticated can inject arbitrary JavaScript code into this parameter. This malicious code is then stored on the server and executed whenever other users view the affected page.

This vulnerability is classified under CWE-79, which relates to improper neutralization of input during web page generation.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an authenticated attacker to inject and store malicious JavaScript code that executes in the browsers of other users viewing the affected page. This can lead to unauthorized actions performed on behalf of those users, theft of sensitive information such as session tokens, or other malicious activities enabled by executing arbitrary scripts in a trusted context.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking for the presence of the stored cross-site scripting (XSS) payload in the remark parameter of the /cgi-bin/vpnfw.cgi endpoint on Endian Firewall versions 3.3.25 and earlier.

Since the vulnerability requires authentication, detection involves authenticating to the firewall and inspecting the remark parameter for injected JavaScript code.

• Use a web proxy or browser developer tools to authenticate and monitor requests to /cgi-bin/vpnfw.cgi.
• Manually or with automated scripts, send requests to retrieve the remark parameter content and check for suspicious JavaScript code.
• Example command using curl to authenticate and fetch the page (replace placeholders accordingly):
• curl -u username:password "https://<firewall-ip>/cgi-bin/vpnfw.cgi" -k
• Then inspect the response for injected JavaScript in the remark parameter.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include:

• Upgrade Endian Firewall to a version later than 3.3.25 where this vulnerability is fixed.
• Restrict access to the /cgi-bin/vpnfw.cgi endpoint to trusted authenticated users only.
• Monitor and sanitize inputs to the remark parameter to prevent injection of malicious JavaScript.
• Educate users to be cautious when viewing pages that may contain user-generated content.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability is a stored Cross-Site Scripting (XSS) issue that allows an authenticated attacker to inject arbitrary JavaScript code, which can be executed by other users viewing the affected page. This can lead to unauthorized actions or data exposure within the affected system.

While the provided information does not explicitly mention compliance with standards such as GDPR or HIPAA, stored XSS vulnerabilities can potentially impact compliance by exposing user data or enabling unauthorized access, which may violate data protection and privacy requirements under these regulations.

Therefore, organizations using the affected Endian Firewall versions should consider this vulnerability as a risk to maintaining compliance with common security and privacy standards, and should apply appropriate mitigations or updates.

Useful 0 Not Useful 0