Endian

Firewall

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2026-34803

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:45:57
  • Zuletzt bearbeitet 07.04.2026 15:40:48

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected ...

5.4

CVE-2026-34802

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:45:56
  • Zuletzt bearbeitet 07.04.2026 15:40:56

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users vi...

5.4

CVE-2026-34801

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:45:55
  • Zuletzt bearbeitet 07.04.2026 15:41:03

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dhcp/fixed_leases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the a...

5.4

CVE-2026-34800

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:45:54
  • Zuletzt bearbeitet 07.04.2026 15:41:11

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parameter to /cgi-bin/uplinkeditor.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affe...

5.4

CVE-2026-34799

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:45:54
  • Zuletzt bearbeitet 07.04.2026 15:41:19

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affec...

5.4

CVE-2026-34798

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:45:53
  • Zuletzt bearbeitet 07.04.2026 15:41:27

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/routing.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affecte...

8.8

CVE-2026-34797

  • EPSS 0.49%
  • Veröffentlicht 02.04.2026 14:45:52
  • Zuletzt bearbeitet 07.04.2026 14:36:47

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, whic...

8.8

CVE-2026-34796

  • EPSS 0.49%
  • Veröffentlicht 02.04.2026 14:45:51
  • Zuletzt bearbeitet 07.04.2026 14:37:14

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, w...

8.8

CVE-2026-34795

  • EPSS 0.49%
  • Veröffentlicht 02.04.2026 14:45:51
  • Zuletzt bearbeitet 07.04.2026 14:37:33

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_log.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which...

8.8

CVE-2026-34794

  • EPSS 0.49%
  • Veröffentlicht 02.04.2026 14:45:50
  • Zuletzt bearbeitet 07.04.2026 14:37:54

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which...