Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
OS command injection on firmware yields full system control (C:H/I:H/A:H); PR:L confirmed by CVSS 4.0 vector; no scope change as impact is contained to the router itself.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing a manipulation of the argument jffs2_exec results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. This project is superseded by FreshTomato.
AnalysisAI
OS command injection in Shibby Tomato router firmware through version 1.28.0000 allows low-privileged remote attackers to execute arbitrary OS commands by manipulating the jffs2_exec argument in the start_jffs2 component's sub_2D568 function. A publicly available proof-of-concept exploit exists on Gitee, confirming exploitability beyond theoretical analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires low-privilege authentication to the Shibby Tomato web management interface (confirmed by PR:L in the CVSS 4.0 vector) - unauthenticated exploitation is not confirmed by available data. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 4.0 score of 5.3 with VC:L/VI:L/VA:L appears conservative for a CWE-78 OS command injection in firmware - command injection in this context typically yields full system control, not merely limited impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with low-privileged access to the Shibby Tomato web management interface sends a crafted HTTP request targeting the start_jffs2 component, injecting shell metacharacters into the jffs2_exec parameter processed by sub_2D568, causing arbitrary OS commands to execute in the context of the firmware's management process. A proof-of-concept exploit is publicly available on Gitee, lowering the skill bar required for exploitation to script-kiddie level. … |
| Remediation | No patch will be released by the Shibby Tomato project as it is officially abandoned. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows remote attackers to corrupt me
Out-of-bounds write in the Shibby Tomato router firmware (versions up to and including 1.28.0000) lets authenticated rem
Remote authenticated command execution is possible in Shibby Tomato router firmware through version 1.28.0000, where the
OS command injection in Shibby Tomato 1.28.0000 firmware allows authenticated remote attackers to execute arbitrary oper
OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitra
OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitra
OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitra
The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a s
Stack-based buffer overflow in Shibby Tomato router firmware (versions up to and including 1.28.0000) allows a remote, l
OS command injection in Shibby Tomato firmware up to 1.28.0000 allows authenticated remote attackers to execute arbitrar
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43314
GHSA-pmqw-wcwq-2pqr