Tomato
Monthly
OS command injection in Shibby Tomato 1.28.0000 firmware allows authenticated remote attackers to execute arbitrary operating system commands by manipulating input to the rstats_path function within the /bin/rstats binary exposed via the Web UI. Publicly available exploit code exists per the Gitee advisory disclosed through VulDB, and the affected project is end-of-life - superseded by FreshTomato - meaning no upstream vendor patch is forthcoming. The CVSS 4.0 base score is 7.3: high privileges are required, but the confidentiality, integrity, and availability impact on the router is high in all three categories.
OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitrary operating system commands via the start_vpnserver function in /sbin/rc, reachable through the Web UI. Publicly available exploit code exists, and the project is end-of-life - superseded by FreshTomato - meaning no upstream patch is forthcoming. The CVSS 4.0 score of 7.3 reflects high impact on confidentiality, integrity, and availability, but high privileges are required to trigger the flaw.
OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitrary shell commands by manipulating the ipv6_6rd_borderrelay argument processed by the start_6rd_tunnel function in /sbin/rc via the Web UI. Publicly available exploit code exists per VulDB disclosure, and the project is end-of-life - superseded by FreshTomato - meaning no upstream fix is expected.
OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitrary operating system commands via the start_dhcpc function in /sbin/rc, reachable through the Web UI. Publicly available exploit code exists per the VulDB advisory. The project has been discontinued and superseded by FreshTomato, meaning no upstream fix from the original maintainer is expected.
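The four /sbin/rc and /bin/rstats findings above share one root cause: an NVRAM value that an authenticated Web UI user can set is spliced into a command string that the helper hands to a shell. The following is an added example, not Tomato's or FreshTomato's own code. It models that pattern for the start_6rd_tunnel case and places a hardened version beside it. The NVRAM name ipv6_6rd_borderrelay is taken from the advisory; the command line, the function names build_cmd_unsafe, valid_ipv4 and start_6rd_tunnel_safe, and the two input values are illustrative and constructed here.

```c
/* Added example, not Tomato's own code. Models the pattern behind the
 * /sbin/rc command-injection findings: an NVRAM value controlled by an
 * authenticated Web UI user is interpolated into a shell command. The NVRAM
 * name ipv6_6rd_borderrelay comes from the advisory; the command line,
 * function names and inputs are illustrative. */
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-ins for what nvram_get("ipv6_6rd_borderrelay") might
 * return: one benign address, one carrying a shell-metacharacter payload. */
static const char *RELAY_BENIGN   = "203.0.113.1";
static const char *RELAY_INJECTED = "203.0.113.1;touch /tmp/pwned";

/* Vulnerable pattern: the value is spliced into a command string that a
 * real helper would pass to system(), i.e. /bin/sh -c. This example only
 * builds the string and never executes it, so the test can show that the
 * injected suffix reaches the shell line intact. Returns 0 on success. */
int build_cmd_unsafe(const char *relay, char *out, size_t outlen)
{
    int n = snprintf(out, outlen,
                     "ip tunnel add tun6rd mode sit remote %s local any ttl 64",
                     relay);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Allowlist check: the relay must be a dotted-quad IPv4 address and nothing
 * else. inet_pton rejects ';', '`', '$', whitespace and hostnames alike. */
int valid_ipv4(const char *s)
{
    struct in_addr a;
    return (s != NULL && inet_pton(AF_INET, s, &a) == 1);
}

/* Hardened pattern: validate first, then exec with an argv vector so no
 * shell ever parses the value; it can only ever be one argument. prog is a
 * parameter so the example can run /bin/echo instead of /sbin/ip. Returns
 * -1 on rejection or exec failure, otherwise the child's exit status. */
int start_6rd_tunnel_safe(const char *prog, const char *relay)
{
    if (!valid_ipv4(relay))
        return -1;

    char *const argv[] = {
        (char *)prog, "tunnel", "add", "tun6rd", "mode", "sit",
        "remote", (char *)relay, "local", "any", "ttl", "64", NULL
    };

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(prog, argv);
        _exit(127);               /* only reached if execv itself fails */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[256];
    build_cmd_unsafe(RELAY_INJECTED, cmd, sizeof cmd);
    printf("unsafe shell line: %s\n", cmd);   /* ';touch ...' would reach /bin/sh */
    printf("benign accepted (0 = yes): %d\n",
           start_6rd_tunnel_safe("/bin/echo", RELAY_BENIGN));
    printf("injected accepted (-1 = rejected): %d\n",
           start_6rd_tunnel_safe("/bin/echo", RELAY_INJECTED));
    return 0;
}
```

The same two changes apply to any rc helper that reads a user-settable NVRAM key: validate against the narrowest grammar the field actually needs (an address, an interface name, a port number) and invoke the external program through execv or a similar argv-based API rather than system() or popen(). For an end-of-life image where that code will not be patched, the practical mitigations are to move to FreshTomato, keep the Web UI reachable only from the LAN, and treat the admin credential as root on the router, because every finding above already requires it.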
Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows remote attackers to corrupt memory in the ripd daemon via the rip_zebra_read_ipv4 function in the Zserv Handler component. Publicly available exploit code exists, and the project is end-of-life - superseded by FreshTomato - so no vendor patch will be released. The CVSS 4.0 score of 7.4 reflects a network attack vector with low attack complexity; the vector lists low privileges (PR:L) as required.
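The advisory above does not say which field overruns the stack in rip_zebra_read_ipv4, so the following added example does not reproduce that bug and is not ripd or zebra code. It shows only the generic defence for the class: a fixed-size stack buffer filled from a length field that arrives on the wire must have that length bounded before any copy. The message layout (one byte of prefix length in bits, then ceil(prefixlen/8) address bytes), the struct ipv4_prefix type, and the functions naive_copy_len and parse_ipv4_prefix are all constructed for this illustration.

```c
/* Added example, not ripd/zebra code. Illustrates bounding a wire-supplied
 * length before copying into a fixed-size buffer. The message layout and
 * all names here are invented for the illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct ipv4_prefix {
    uint8_t prefixlen;      /* 0..32 */
    uint8_t addr[4];
};

/* Vulnerable pattern, reduced to its arithmetic so the test can call it
 * without triggering undefined behaviour: a naive reader copies
 * (prefixlen + 7) / 8 bytes into a 4-byte stack buffer, trusting the wire
 * value. prefixlen = 255 would mean a 32-byte write into 4 bytes. */
size_t naive_copy_len(uint8_t prefixlen)
{
    return ((size_t)prefixlen + 7) / 8;
}

/* Hardened parser: rejects an over-long prefix length and a message too
 * short to contain the bytes it promises, before any copy happens.
 * Returns 0 on success, -1 on malformed input. */
int parse_ipv4_prefix(const uint8_t *msg, size_t len, struct ipv4_prefix *out)
{
    if (msg == NULL || out == NULL || len < 1)
        return -1;
    uint8_t plen = msg[0];
    if (plen > 32)                          /* the bound a naive reader lacks */
        return -1;
    size_t nbytes = ((size_t)plen + 7) / 8; /* now at most 4 */
    if (len < 1 + nbytes)                   /* truncated message */
        return -1;
    memset(out, 0, sizeof *out);
    out->prefixlen = plen;
    memcpy(out->addr, msg + 1, nbytes);     /* cannot exceed sizeof out->addr */
    return 0;
}

int main(void)
{
    /* Constructed messages: a valid /24, an oversized length, a truncation. */
    const uint8_t good[]      = { 24, 10, 0, 0 };
    const uint8_t bad_len[]   = { 255, 1, 2, 3, 4, 5, 6, 7, 8 };
    const uint8_t truncated[] = { 24, 10 };
    struct ipv4_prefix p;

    printf("naive reader would copy %zu bytes for prefixlen 255\n",
           naive_copy_len(255));
    printf("good: %d\n", parse_ipv4_prefix(good, sizeof good, &p));
    printf("bad_len: %d\n", parse_ipv4_prefix(bad_len, sizeof bad_len, &p));
    printf("truncated: %d\n", parse_ipv4_prefix(truncated, sizeof truncated, &p));
    return 0;
}
```

When triaging a finding like this on a device that will never receive a patch, the relevant question is exposure rather than fix: ripd only needs to run if RIP is actually in use, and the zserv socket should not be reachable from an untrusted network segment.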