91 matches found
EUVD-2026-43309
A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit is publicly...
EUVD-2026-43314
A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub2D568 of the component startjffs2. Performing a manipulation of the argument jffs2exec results in os command injection. Remote exploitation of the attack is possible. The exploit has be...
EUVD-2026-43317
A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...
EUVD-2026-43304
A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has be...
CVE-2026-15548
CVE-2026-15548 affects Shibby Tomato up to version 1.28.0000. The flaw resides in the DNS List Rendering component, specifically the function sub_407220 in /usr/sbin/httpd, where a stack-based buffer overflow can be triggered remotely. The vulnerability is described across multiple sources as ena...
CVE-2026-15547
Shibby Tomato (up to 1.28.0000) contains a vulnerability in the CIFS Mount Handler sub_2D048 that allows remote OS command injection by manipulating the cifs1/cifs2 arguments. A public exploit exists; impact is described with network access and low privileges. The project is superseded by FreshTo...
CVE-2026-15546
The CVE-2026-15546 entry describes a remote OS command injection in Shibby Tomato up to 1.28.0000. Affected component: start_jffs2, function sub_2D568. Exploitation involves manipulating the argument jffs2_exec; exploit is public and may be used for attacks. CVSS data indicate network access with...
CVE-2026-15545
CVE-2026-15545 concerns Shibby Tomato versions up to 1.28.0000. The vulnerability affects the component apcupsd, specifically the function main in the file www/apcupsd/tomatodata.cgi, causing an out-of-bounds write. The description indicates a remote attack vector, with a publicly available explo...
CVE-2026-15544
The CVE-2026-15544 entry concerns Shibby Tomato (up to 1.28.0000) with the apcupsd component. The vulnerability affects the function getupsvar in the file www/apcupsd/tomatodata.cgi, where manipulation of the Field argument leads to a stack-based buffer overflow. The issue can be triggered remote...
PT-2026-57619
Name of the Vulnerable Software and Affected Versions Shibby Tomato versions prior to 1.28.0000 Description A stack-based buffer overflow exists in the DNS List Rendering component within the /usr/sbin/httpd file. The issue occurs in the sub 407220 function and can be exploited remotely. A...
PT-2026-57618
A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit is publicly...
CVE-2026-10871
A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start6rdtunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv66rdborderrelay leads to os command injection. It is possible to launch the attack remotely. The...
CVE-2026-10873
A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...
CVE-2026-10870
A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...
CVE-2026-10068
A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...
CVE-2026-10066
A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is superseded by...
CVE-2026-10065
A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function getupsfield of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by...
CVE-2026-10067
A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are...
EUVD-2026-34340
A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...
EUVD-2026-34339
A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...