CVE Catalog

CVE-2026-13371

MediumCVSS 6.9
Published: Translated: NVD NIST

Summary

A vulnerability in the Fireware Management Web UI allows an authenticated administrator to trigger a denial-of-service (DoS) condition by sending crafted data to the put_data endpoint, which performs unsafe deserialization of attacker-supplied input.

Risk Assessment

An attacker with admin privileges can disrupt the Fireware management interface, leading to unavailability of management services and potential network downtime.

Recommendation

Immediately update Fireware to the latest patched version and restrict access to the management interface to trusted IP addresses only.

Original NVD description (English source)

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deserialization of the attacker-supplied input.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS