Executive Summary

CVE-2026-34817 is a stored cross-site scripting (XSS) vulnerability found in Endian Firewall versions 3.3.25 and earlier. It occurs in the /cgi-bin/smtprouting.cgi script through the ADDRESS BCC parameter.

An authenticated attacker can inject arbitrary JavaScript code into this parameter, which is then stored on the server. When other users view the affected page, the malicious script executes, potentially compromising their security.

This vulnerability is classified under CWE-79, which relates to improper neutralization of input during web page generation.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an authenticated attacker to inject and store malicious JavaScript code that executes in the browsers of other users who view the affected page.

The impact includes potential compromise of user security through actions such as session hijacking, unauthorized actions performed on behalf of users, or theft of sensitive information.

Although the CVSS scores indicate a medium severity with low impact on confidentiality, integrity, and availability, the persistent nature of the XSS can lead to ongoing security risks within the Endian Firewall management interface.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking for the presence of stored cross-site scripting (XSS) payloads in the ADDRESS BCC parameter of the /cgi-bin/smtprouting.cgi script on Endian Firewall versions 3.3.25 and earlier.

To detect exploitation attempts or presence of malicious scripts, you can review HTTP requests and responses involving the /cgi-bin/smtprouting.cgi endpoint, especially focusing on the ADDRESS BCC parameter.

Suggested commands include using curl or wget to send requests and grep or similar tools to search for suspicious JavaScript code in responses or logs.

• curl -u <username>:<password> 'http://<firewall-ip>/cgi-bin/smtprouting.cgi' | grep -i 'script'
• grep -r 'ADDRESS BCC' /var/log/httpd/ or relevant web server logs to find suspicious input
• Use a web vulnerability scanner to test for stored XSS on the /cgi-bin/smtprouting.cgi endpoint with authenticated access

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the Endian Firewall management interface to trusted users only and ensuring that only authenticated users can access the /cgi-bin/smtprouting.cgi script.

Users should prioritize updating Endian Firewall to a version later than 3.3.25 where this vulnerability is fixed.

As a temporary workaround, input validation or sanitization can be applied to the ADDRESS BCC parameter to prevent injection of malicious JavaScript.

Monitoring and logging access to the vulnerable endpoint can help detect exploitation attempts.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify how CVE-2026-34817 affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0