The open-source Netgate pfSense firewall technology, also known as pfSense, has a number of security flaws that might allow an attacker to execute arbitrary instructions on vulnerable equipment.
According to recent results from Sonar, the problems are related to two mirrored cross-site scripting (XSS) flaws and one command injection vulnerability.
Because network managers believe their firewalls would shield them from distant assaults, security inside local networks is frequently less stringent. Potential attackers may have used the vulnerabilities found to spy on traffic or target services within the local network."