Endian Endian Firewall

34 CVEs affecting Endian Endian Firewall. Latest disclosed: 2026-04-02. Critical: 0, High: 8.

Top CVEs affecting Endian Endian Firewall
CVESeverityScorePublishedSummary
CVE-2026-34797High8.82026-04-02Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE…
CVE-2026-34796High8.82026-04-02Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DA…
CVE-2026-34795High8.82026-04-02Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_log.cgi. The DATE p…
CVE-2026-34794High8.82026-04-02Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE p…
CVE-2026-34793High8.82026-04-02Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_firewall.cgi. The D…
CVE-2026-34792High8.82026-04-02Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DAT…
CVE-2026-34791High8.82026-04-02Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE…
CVE-2026-34790High7.12026-04-02Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bi…
CVE-2026-34823Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker c…
CVE-2026-34822Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated a…
CVE-2026-34821Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated…
CVE-2026-34820Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inje…
CVE-2026-34819Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attac…
CVE-2026-34818Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated at…
CVE-2026-34817Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated at…
CVE-2026-34816Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated…
CVE-2026-34815Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacke…
CVE-2026-34814Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker…
CVE-2026-34813Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker ca…
CVE-2026-34812Medium6.42026-04-02Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated atta…