CVE-2019-25411 in Comodo Dome Firewall
Summary
by MITRE • 02/19/2026
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript in administrator browsers.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 02/19/2026
The vulnerability CVE-2019-25411 represents a critical reflected cross-site scripting flaw within Comodo Dome Firewall version 2.7.0, exposing administrators to significant security risks through web-based attack vectors. This vulnerability specifically targets the DHCP configuration endpoint where the GATEWAY_GREEN parameter is processed without adequate input validation or output sanitization. The flaw allows attackers to craft malicious POST requests that inject malicious JavaScript code into the web application's response, which then executes within the browser context of authenticated administrators.
The technical implementation of this vulnerability follows standard reflected XSS patterns where user-controllable input flows directly into the web application's output without proper encoding or sanitization. When an administrator interacts with the DHCP configuration page and the vulnerable GATEWAY_GREEN parameter is manipulated, the malicious script payload becomes part of the HTTP response and executes in the victim's browser. This creates a persistent threat vector that can be exploited to hijack administrator sessions, steal sensitive configuration data, or perform unauthorized administrative actions on the firewall system.
From an operational impact perspective, this vulnerability significantly undermines the security posture of organizations relying on Comodo Dome Firewall for network protection. The attack requires minimal privileges since it targets the administrative interface, and successful exploitation can lead to complete compromise of the firewall's configuration and network traffic control capabilities. Attackers can leverage this vulnerability to establish persistent access, modify firewall rules, redirect network traffic, or exfiltrate sensitive network information. The reflected nature of the vulnerability means that attackers can deliver payloads through various vectors including phishing emails or compromised websites that direct administrators to malicious URLs.
The vulnerability aligns with CWE-79 which defines Cross-Site Scripting as a critical weakness in web applications where untrusted data is directly included in dynamic content without proper validation or encoding. This flaw also maps to ATT&CK technique T1059.007 for JavaScript execution and T1566 for credential access through social engineering. Organizations using this firewall version face potential exploitation by threat actors who can craft targeted attacks against network administrators, particularly during routine configuration tasks when administrators are most likely to interact with the web interface. The vulnerability's exploitation requires only basic web application attack knowledge and can be automated through various penetration testing tools.
Mitigation strategies for CVE-2019-25411 should prioritize immediate patching of Comodo Dome Firewall to version 2.7.1 or later, which includes proper input validation and output encoding for the affected parameter. Network administrators should implement additional security controls including web application firewalls, input validation rules, and regular security assessments of web interfaces. The organization should also consider implementing multi-factor authentication for administrative access, network segmentation to limit exposure, and user education to recognize potential phishing attempts that might leverage this vulnerability. Regular vulnerability scanning and penetration testing should be conducted to identify similar issues in other network security appliances and web applications within the organization's infrastructure.