CVE-2026-34797 is an OS command injection vulnerability classified under CWE-78 affecting Endian Firewall versions up to 3.3.25. The flaw exists in the handling of the DATE parameter passed to the CGI script /cgi-bin/logs_smtp.cgi. This parameter is used to construct a file path that is subsequently passed to a Perl open() function call. Due to incomplete regular expression validation, the input is not properly sanitized, allowing an authenticated attacker to inject arbitrary OS commands. The vulnerability requires only low privileges (authenticated user) and no additional user interaction, making it relatively easy to exploit remotely over the network. Successful exploitation could allow attackers to execute arbitrary commands with the privileges of the web server process, potentially leading to full system compromise, data exfiltration, or disruption of firewall services. The CVSS 4.0 base score is 8.7, reflecting high impact on confidentiality, integrity, and availability, with network attack vector and no required user interaction. Although no public exploits are currently known, the vulnerability poses a significant risk to organizations relying on Endian Firewall for perimeter security.

The impact of this vulnerability is substantial for organizations using Endian Firewall 3.3.25 or earlier. An attacker with valid credentials can execute arbitrary OS commands, potentially leading to full system compromise. This could result in unauthorized access to sensitive data, disruption of firewall operations, and the ability to pivot within the network for further attacks. The compromise of firewall devices undermines the security posture of the entire network, exposing internal systems to external threats. Given that firewalls are critical infrastructure components, exploitation could cause significant operational downtime and data breaches. The vulnerability affects confidentiality, integrity, and availability, making it a critical concern for organizations in sectors such as government, finance, healthcare, and critical infrastructure that rely on Endian Firewall for network security.

1. Upgrade Endian Firewall to a version later than 3.3.25 once a patch is released by the vendor. 2. Until a patch is available, restrict access to the /cgi-bin/logs_smtp.cgi endpoint to trusted administrators only via network segmentation and firewall rules. 3. Implement strict authentication and monitoring of all administrative access to the firewall to detect suspicious activities. 4. Use Web Application Firewalls (WAFs) or intrusion prevention systems (IPS) to detect and block command injection patterns targeting the DATE parameter. 5. Conduct regular audits of firewall logs and system integrity to identify potential exploitation attempts. 6. Educate administrators on the risks of command injection and the importance of input validation in custom scripts or configurations. 7. Consider disabling or restricting CGI scripts if not required for operational purposes to reduce the attack surface.