Skip to main content

Shibby Tomato EUVDEUVD-2026-43314

| CVE-2026-15546 LOW
OS Command Injection (CWE-78)
2026-07-13 VulDB GHSA-pmqw-wcwq-2pqr
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

OS command injection on firmware yields full system control (C:H/I:H/A:H); PR:L confirmed by CVSS 4.0 vector; no scope change as impact is contained to the router itself.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
Jul 13, 2026 - 09:22 NVD
MEDIUM LOW
CVSS changed
Jul 13, 2026 - 09:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 13, 2026 - 09:04 vuln.today
CVE Published
Jul 13, 2026 - 08:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing a manipulation of the argument jffs2_exec results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. This project is superseded by FreshTomato.

AnalysisAI

OS command injection in Shibby Tomato router firmware through version 1.28.0000 allows low-privileged remote attackers to execute arbitrary OS commands by manipulating the jffs2_exec argument in the start_jffs2 component's sub_2D568 function. A publicly available proof-of-concept exploit exists on Gitee, confirming exploitability beyond theoretical analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege credentials for management interface
Delivery
Send crafted HTTP request to start_jffs2 endpoint
Exploit
Inject shell commands via jffs2_exec parameter
Execution
sub_2D568 passes unsanitized input to OS shell
Persist
Execute arbitrary commands on router OS
Impact
Achieve persistent access or pivot to internal network

Vulnerability AssessmentAI

Exploitation Exploitation requires low-privilege authentication to the Shibby Tomato web management interface (confirmed by PR:L in the CVSS 4.0 vector) - unauthenticated exploitation is not confirmed by available data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 score of 5.3 with VC:L/VI:L/VA:L appears conservative for a CWE-78 OS command injection in firmware - command injection in this context typically yields full system control, not merely limited impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privileged access to the Shibby Tomato web management interface sends a crafted HTTP request targeting the start_jffs2 component, injecting shell metacharacters into the jffs2_exec parameter processed by sub_2D568, causing arbitrary OS commands to execute in the context of the firmware's management process. A proof-of-concept exploit is publicly available on Gitee, lowering the skill bar required for exploitation to script-kiddie level. …
Remediation No patch will be released by the Shibby Tomato project as it is officially abandoned. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Tomato

View all
CVE-2026-10124 HIGH POC
7.4 May 30

Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows remote attackers to corrupt me

CVE-2026-15545 HIGH POC
7.4 Jul 13

Out-of-bounds write in the Shibby Tomato router firmware (versions up to and including 1.28.0000) lets authenticated rem

CVE-2026-15544 HIGH POC
7.4 Jul 13

Remote authenticated command execution is possible in Shibby Tomato router firmware through version 1.28.0000, where the

CVE-2026-10873 HIGH POC
7.3 Jun 04

OS command injection in Shibby Tomato 1.28.0000 firmware allows authenticated remote attackers to execute arbitrary oper

CVE-2026-10870 HIGH POC
7.3 Jun 04

OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitra

CVE-2026-10872 HIGH POC
7.3 Jun 04

OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitra

CVE-2026-10871 HIGH POC
7.3 Jun 04

OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitra

CVE-2013-7379 MEDIUM POC
6.8 May 16

The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a s

CVE-2026-15548 HIGH
7.4 Jul 13

Stack-based buffer overflow in Shibby Tomato router firmware (versions up to and including 1.28.0000) allows a remote, l

CVE-2026-15547 LOW POC
2.1 Jul 13

OS command injection in Shibby Tomato firmware up to 1.28.0000 allows authenticated remote attackers to execute arbitrar

Share

EUVD-2026-43314 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy