Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis (AI)
Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows remote attackers to corrupt memory in the ripd daemon via the rip_zebra_read_ipv4 function in the Zserv Handler component. Publicly available exploit code exists, and the project is end-of-life - superseded by FreshTomato - so no vendor patch will be released. …
Vulnerability Assessment (AI)

| Aspect | Assessment |
|---|---|
| Exploitation | Requires the RIP routing daemon (/usr/sbin/ripd) to be enabled on the target Shibby Tomato router. RIP is not enabled by default in typical home configurations, which significantly limits the population of exploitable devices. … |
| Risk Assessment | CVSS 4.0 base of 7.4 reflects network reachability (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and high impact across confidentiality, integrity, and availability of the vulnerable component, with E:P indicating a proof-of-concept exploit exists. … |
| Exploit Scenario | An attacker with low-privileged access to a network segment reachable by the router's ripd daemon sends a crafted Zserv protocol message that triggers the buffer overflow in rip_zebra_read_ipv4, corrupting the stack and hijacking control flow inside ripd, which typically runs as root on Tomato firmware. Publicly available exploit code lowers the barrier to weaponization, and successful exploitation yields code execution on the router, enabling traffic interception, DNS hijacking, or a persistent foothold inside the victim network. |
| Remediation | No vendor-released patch identified at time of analysis; Shibby Tomato is end-of-life and will not receive fixes. … |
Recommended Action (AI)
Within 24 hours: Inventory all Shibby Tomato router instances and document firmware versions. …
EUVD-2026-33467
GHSA-xv8j-c5vv-vvmg