Vendor
Shibby Tomato Router Firmware Stack-Based Buffer Overflow (CVE-2026-15548)
2 TTPs 1 CVEA critical stack-based buffer overflow vulnerability (CVE-2026-15548) exists in Shibby Tomato router firmware versions up to 1.28.0000, specifically in the `sub_407220` function of the `/usr/sbin/httpd` component related to DNS List Rendering, allowing remote attackers to achieve high impact on confidentiality, integrity, and availability.
Shibby Tomato Firmware Vulnerability CVE-2026-15545 Leads to Remote Out-of-Bounds Write
2 TTPs 1 CVEA critical out-of-bounds write vulnerability (CVE-2026-15545) exists in Shibby Tomato firmware up to version 1.28.0000, specifically within the `main` function of the `www/apcupsd/tomatodata.cgi` file in the `apcupsd` component, which can be exploited remotely with a publicly available exploit, posing a significant risk to affected network devices.
Shibby Tomato Firmware Vulnerability CVE-2026-15544 Enables Remote Code Execution
2 TTPs 1 CVEA stack-based buffer overflow vulnerability, identified as CVE-2026-15544, exists in the `getupsvar` function within the `www/apcupsd/tomatodata.cgi` file of the `apcupsd` component in Shibby Tomato firmware versions up to and including 1.28.0000, allowing a remote attacker to achieve arbitrary code execution by manipulating the `Field` argument.
Shibby Tomato Stack-Based Buffer Overflow Vulnerability (CVE-2026-10124)
2 rules 1 TTP 1 CVEA stack-based buffer overflow vulnerability exists in Shibby Tomato up to version 1.28 in the rip_zebra_read_ipv4 function within the /usr/sbin/ripd component (Zserv Handler), allowing a remote attacker to execute arbitrary code.