Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
OS command injection on router firmware yields full device compromise; PR:L reflects required low-privilege auth confirmed by CVSS 4.0 input vector.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub_2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This project is superseded by FreshTomato.
AnalysisAI
OS command injection in Shibby Tomato firmware up to 1.28.0000 allows authenticated remote attackers to execute arbitrary commands on the underlying router OS by manipulating the cifs1 or cifs2 arguments passed to the CIFS Mount Handler function sub_2D048. A publicly available proof-of-concept exploit exists on Gitee, lowering the barrier to exploitation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold at minimum low-privilege authenticated access to the Shibby Tomato web management interface (CVSS PR:L confirmed). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N with VC:L/VI:L/VA:L) scores 5.3 (Medium), but this appears to understate real-world impact for OS command injection on router firmware, where arbitrary code execution commonly equates to full device compromise including credential exposure, persistent backdoor installation, and pivot capability into the LAN. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privilege credentials to the Shibby Tomato web interface (e.g., via credential guessing, phishing, or a shared password) submits a crafted HTTP request to the CIFS mount configuration endpoint, embedding shell metacharacters in the cifs1 or cifs2 parameter. The unsanitized input is passed directly to a system call in sub_2D048, executing arbitrary OS commands on the router as a privileged user. … |
| Remediation | No patch will be released for Shibby Tomato as the project is end-of-life and superseded by FreshTomato; the primary remediation is to migrate to FreshTomato or another actively maintained firmware (e.g., OpenWRT, DD-WRT) that receives security updates. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows remote attackers to corrupt me
Out-of-bounds write in the Shibby Tomato router firmware (versions up to and including 1.28.0000) lets authenticated rem
Remote authenticated command execution is possible in Shibby Tomato router firmware through version 1.28.0000, where the
OS command injection in Shibby Tomato 1.28.0000 firmware allows authenticated remote attackers to execute arbitrary oper
OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitra
OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitra
OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitra
The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a s
Stack-based buffer overflow in Shibby Tomato router firmware (versions up to and including 1.28.0000) allows a remote, l
OS command injection in Shibby Tomato router firmware through version 1.28.0000 allows low-privileged remote attackers t
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43317
GHSA-fv5c-8924-mvcw