CVE-2026-34810
Stored XSS in Endian Firewall VPNFW.cgi Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34810 is a stored Cross-Site Scripting (XSS) vulnerability in Endian Firewall versions 3.3.25 and earlier. It occurs via the "remark" parameter in the /cgi-bin/vpnfw.cgi endpoint. An attacker who is authenticated can inject arbitrary JavaScript code into this parameter. This malicious code is then stored on the server and executed whenever other users view the affected page.
This vulnerability is classified under CWE-79, which relates to improper neutralization of input during web page generation.
How can this vulnerability impact me?
This vulnerability allows an authenticated attacker to inject and store malicious JavaScript code that executes in the browsers of other users viewing the affected page. This can lead to unauthorized actions performed on behalf of those users, theft of sensitive information such as session tokens, or other malicious activities enabled by executing arbitrary scripts in a trusted context.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the stored cross-site scripting (XSS) payload in the remark parameter of the /cgi-bin/vpnfw.cgi endpoint on Endian Firewall versions 3.3.25 and earlier.
Since the vulnerability requires authentication, detection involves authenticating to the firewall and inspecting the remark parameter for injected JavaScript code.
- Use a web proxy or browser developer tools to authenticate and monitor requests to /cgi-bin/vpnfw.cgi.
- Manually or with automated scripts, send requests to retrieve the remark parameter content and check for suspicious JavaScript code.
- Example command using curl to authenticate and fetch the page (replace placeholders accordingly):

  ```sh
  # -u sends HTTP Basic credentials; -k disables TLS certificate verification
  curl -u username:password "https://<firewall-ip>/cgi-bin/vpnfw.cgi" -k
  ```

- Then inspect the response for injected JavaScript in the remark parameter.
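The proxy-monitoring step above can be automated on the request side. The following is an added example, not part of the advisory or of Endian's code: it scans captured POST requests to /cgi-bin/vpnfw.cgi and flags `remark` values that carry markup. The regex heuristics, the `ACTION` field, the `fw.example` host and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

ENDPOINT = "/cgi-bin/vpnfw.cgi"  # endpoint named in the advisory
PARAM = "remark"                 # parameter named in the advisory
# Heuristics are assumptions of this example, not vendor signatures.
CHECKS = {
    "html-tag": re.compile(r"<\s*/?\s*[a-z!]", re.I),
    "event-handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "script-uri": re.compile(r"\b(?:javascript|vbscript)\s*:", re.I),
}

def decode_fully(value, rounds=3):
    """Undo nested URL encoding (bounded) so double-encoded markup is seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def remark_findings(body):
    """Return sorted names of the checks hit by any remark value in a form body."""
    hits = set()
    for raw in parse_qs(body, keep_blank_values=True).get(PARAM, []):
        text = decode_fully(raw)
        hits.update(name for name, rx in CHECKS.items() if rx.search(text))
    return sorted(hits)

def scan(requests):
    """requests: iterable of (method, url, body); returns [(index, findings)]."""
    out = []
    for i, (method, url, body) in enumerate(requests):
        if method.upper() == "POST" and urlsplit(url).path.lower() == ENDPOINT:
            findings = remark_findings(body)
            if findings:
                out.append((i, findings))
    return out

# Constructed sample capture (not real traffic); host and ACTION field are made up.
SAMPLE = [
    ("POST", "https://fw.example/cgi-bin/vpnfw.cgi", "ACTION=save&remark=Allow+branch+office+VPN"),
    ("POST", "https://fw.example/cgi-bin/vpnfw.cgi", "ACTION=save&remark=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    ("POST", "https://fw.example/cgi-bin/vpnfw.cgi", "ACTION=save&remark=%2522%2520onmouseover%253Dalert(1)"),
    ("POST", "https://fw.example/cgi-bin/other.cgi", "remark=%3Cb%3Ebold%3C%2Fb%3E"),
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A hit means a remark was submitted with markup, not that it was rendered unescaped; confirm by viewing the stored rule on the affected page.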
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Upgrade Endian Firewall to a version later than 3.3.25 where this vulnerability is fixed.
- Restrict access to the /cgi-bin/vpnfw.cgi endpoint to trusted authenticated users only.
- Monitor and sanitize inputs to the remark parameter to prevent injection of malicious JavaScript.
- Educate users to be cautious when viewing pages that may contain user-generated content.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability is a stored Cross-Site Scripting (XSS) issue that allows an authenticated attacker to inject arbitrary JavaScript code, which can be executed by other users viewing the affected page. This can lead to unauthorized actions or data exposure within the affected system.
While the provided information does not explicitly mention compliance with standards such as GDPR or HIPAA, stored XSS vulnerabilities can potentially impact compliance by exposing user data or enabling unauthorized access, which may violate data protection and privacy requirements under these regulations.
Therefore, organizations using the affected Endian Firewall versions should consider this vulnerability as a risk to maintaining compliance with common security and privacy standards, and should apply appropriate mitigations or updates.