Endian Firewall Community — known CVE vulnerabilities
Every CVE whose affected-product data names Endian Firewall Community, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2021-27201 — CVSS 8.8 (high): Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a…
CVE-2026-34792 — CVSS 8.8 (high): Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to…
CVE-2026-34793 — CVSS 8.8 (high): Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to…
CVE-2026-34794 — CVSS 8.8 (high): Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to…
CVE-2026-34795 — CVSS 8.8 (high): Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to…
CVE-2026-34796 — CVSS 8.8 (high): Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to…
CVE-2026-34797 — CVSS 8.8 (high): Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to…
CVE-2026-34791 — CVSS 8.8 (high): Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to…
CVE-2026-34790 — CVSS 7.1 (high): Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE…
CVE-2026-34806 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An…
CVE-2026-34807 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An…
CVE-2026-34808 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An…
CVE-2026-34809 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An…
CVE-2026-34810 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An…
CVE-2026-34811 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An…
CVE-2026-34812 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi…
CVE-2026-34813 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An…
CVE-2026-34814 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An…
CVE-2026-34815 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An…
CVE-2026-34816 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/…
CVE-2026-34817 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi…
CVE-2026-34818 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/…
CVE-2026-34819 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An…
CVE-2026-34820 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An…
CVE-2026-34821 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/…
CVE-2026-34822 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/…
CVE-2026-34823 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An…
CVE-2026-34798 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/routing.cgi. An…
CVE-2026-34799 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An…
CVE-2026-34800 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parameter to /cgi-bin/uplinkeditor.cgi. An…
CVE-2026-34801 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dhcp/fixed_leases/. An…
CVE-2026-34802 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to…
CVE-2026-34803 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/classes/. An…
CVE-2026-34804 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An…
CVE-2026-34805 — CVSS 6.4 (medium): Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An…