PatchSiren cyber security CVE debrief
CVE-2026-10124 Shibby CVE debrief
A stack-based buffer overflow exists in the `rip_zebra_read_ipv4` function of `/usr/sbin/ripd` (the Zserv Handler component) in Shibby Tomato firmware versions up to and including 1.28. The vulnerability is rated remotely exploitable and has been publicly disclosed. Shibby Tomato is a superseded project that its original maintainer no longer supports, so there is no official patch path for the legacy firmware; users should migrate to FreshTomato, the actively maintained successor.
- Vendor: Shibby
- Product: Tomato
- CVSS: HIGH 7.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-30
- Original CVE updated: 2026-06-01
- Advisory published: 2026-05-30
- Advisory updated: 2026-06-01
Who should care
Organizations and individuals operating Shibby Tomato-based routers or access points, particularly where the RIP daemon's network listeners are reachable from untrusted hosts. Network administrators responsible for legacy embedded Linux router firmware deployments. Security teams tracking public exploit availability for end-of-life network infrastructure.
Technical summary
The `rip_zebra_read_ipv4` function in `/usr/sbin/ripd` (Zserv Handler) of Shibby Tomato ≤1.28 does not validate input bounds before copying message contents into a fixed-size stack buffer, so a crafted message overflows that buffer (CWE-121). The CVSS 4.0 vector rates the flaw as exploitable over the network with low attack complexity and low privileges required. One caveat when scoping exposure: in the Zebra/Quagga codebase from which this function name comes, `rip_zebra_read_ipv4` handles the IPv4 route messages that ripd receives from the zebra daemon over the zserv API channel, not RIP packets on UDP/520; that API channel listens on TCP/2600 by default or on a local Unix socket, depending on build configuration. The stored evidence does not say how a given Tomato build binds the zserv socket, so treat both the RIP port and the zebra API channel as in scope until verified on the device. The affected project is end-of-life and superseded by FreshTomato; no security patches are available from the original maintainer.
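The pattern described above, shown as an added example that is not code from the Tomato or Zebra/Quagga sources: a zserv-style IPv4 route message is parsed into a fixed-size array on the stack, first trusting the sender's count field (the vulnerable shape), then with the bounds checks that the summary says are missing (the hardened shape). The wire layout, the field names, `MAX_NEXTHOPS`, and the sample messages are all assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_NEXTHOPS 8   /* assumed capacity of the on-stack nexthop array */

/* Parsed result handed back to the caller. */
struct route {
    uint8_t  prefixlen;
    uint32_t prefix;         /* host byte order */
    uint8_t  count;          /* nexthops present */
    uint32_t first_nexthop;  /* 0 when count == 0 */
};

/* Read cursor over one received message body. */
struct msg { const uint8_t *buf; size_t len; size_t pos; };

/* Unchecked reads: what a parser that "fails to validate input bounds" does. */
static uint8_t  u8_unchecked(struct msg *m)  { return m->buf[m->pos++]; }
static uint32_t u32_unchecked(struct msg *m) {
    uint32_t v = (uint32_t)m->buf[m->pos] << 24 | (uint32_t)m->buf[m->pos + 1] << 16
               | (uint32_t)m->buf[m->pos + 2] << 8 | (uint32_t)m->buf[m->pos + 3];
    m->pos += 4;
    return v;
}

/* Checked reads: 0 on success, -1 when the message runs out of bytes. */
static int u8_checked(struct msg *m, uint8_t *out) {
    if (m->len - m->pos < 1) return -1;
    *out = u8_unchecked(m);
    return 0;
}
static int u32_checked(struct msg *m, uint32_t *out) {
    if (m->len - m->pos < 4) return -1;
    *out = u32_unchecked(m);
    return 0;
}

/* Assumed wire layout: [prefixlen:1][prefix:4][count:1][nexthop:4]*count
 *
 * VULNERABLE: the 1-byte count (0..255) indexes an 8-entry stack array with no
 * bound, and nothing checks that the message really carries count*4 bytes.
 * A count above MAX_NEXTHOPS writes past nexthops[] into the stack frame. */
int parse_route_vulnerable(const uint8_t *buf, size_t len, struct route *out)
{
    struct msg m = { buf, len, 0 };
    uint32_t nexthops[MAX_NEXTHOPS];     /* fixed-size stack buffer */
    out->prefixlen = u8_unchecked(&m);
    out->prefix    = u32_unchecked(&m);
    out->count     = u8_unchecked(&m);
    for (uint8_t i = 0; i < out->count; i++)
        nexthops[i] = u32_unchecked(&m); /* CWE-121: i is sender-controlled */
    out->first_nexthop = out->count ? nexthops[0] : 0;
    return out->count;
}

/* HARDENED: every read is length-checked, the count is capped at the array
 * size before it is used as an index, and the body must be exactly as long as
 * the header claims. Returns the nexthop count, or -1 for a malformed message,
 * in which case *out is left untouched. */
int parse_route_hardened(const uint8_t *buf, size_t len, struct route *out)
{
    struct msg m = { buf, len, 0 };
    uint32_t nexthops[MAX_NEXTHOPS];
    uint8_t prefixlen, count;
    uint32_t prefix;

    if (u8_checked(&m, &prefixlen) < 0 || prefixlen > 32) return -1;
    if (u32_checked(&m, &prefix) < 0) return -1;
    if (u8_checked(&m, &count) < 0) return -1;
    if (count > MAX_NEXTHOPS) return -1;               /* the missing bound */
    if (m.len - m.pos < (size_t)count * 4) return -1;  /* truncated body */
    for (uint8_t i = 0; i < count; i++)
        if (u32_checked(&m, &nexthops[i]) < 0) return -1;
    if (m.pos != m.len) return -1;                     /* trailing bytes */

    out->prefixlen = prefixlen;
    out->prefix = prefix;
    out->count = count;
    out->first_nexthop = count ? nexthops[0] : 0;
    return count;
}

/* Constructed sample messages for this example (not captured traffic). */
static const uint8_t sample_good[] =      /* 10.0.0.0/24 via 192.168.1.1, .2 */
    { 24, 10,0,0,0, 2, 192,168,1,1, 192,168,1,2 };
static const uint8_t sample_overflow[] =  /* count 200 > MAX_NEXTHOPS */
    { 24, 10,0,0,0, 200, 1,2,3,4 };
static const uint8_t sample_truncated[] = /* claims 3 nexthops, carries 1 */
    { 24, 10,0,0,0, 3, 1,2,3,4 };

/* Wrappers returning plain values. Only sample_good is ever fed to the
 * vulnerable parser: the other two would corrupt this process's own stack. */
int vulnerable_count(const uint8_t *buf, size_t len) {
    struct route r; return parse_route_vulnerable(buf, len, &r);
}
int hardened_count(const uint8_t *buf, size_t len) {
    struct route r; return parse_route_hardened(buf, len, &r);
}
uint32_t hardened_first_nexthop(const uint8_t *buf, size_t len) {
    struct route r = {0};
    return parse_route_hardened(buf, len, &r) < 0 ? 0 : r.first_nexthop;
}
```

The hardened parser rejects the two crafted messages at the header stage, before any write into `nexthops[]`, and only commits to `*out` once the whole body has been consumed; the same three checks (count against capacity, claimed length against remaining bytes, no trailing bytes) are what a review of any zserv-style handler should look for. Compile with `-fstack-protector-strong` as well, but treat that as a crash-instead-of-hijack backstop, not a substitute for the checks.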
Defensive priority
high
Recommended defensive actions
- Migrate from Shibby Tomato to FreshTomato, the actively maintained successor project, as the affected firmware is end-of-life and unsupported
- Restrict access to ripd's listeners to trusted hosts only: the RIP protocol port (UDP/520) and the zebra API channel (TCP/2600 by default in Zebra/Quagga builds, where the daemon exposes it over TCP). On Tomato the practical control is a WAN-side iptables rule; where dynamic routing is not needed at all, disable RIP instead
- Monitor for connection attempts to those ports from unexpected sources, and for ripd crashes or unexpected restarts in the device's syslog, which are the likely side effect of a failed overflow attempt
- Consider network segmentation to isolate legacy Tomato-based routers from critical infrastructure
- Evaluate replacement of affected hardware/firmware where migration to FreshTomato is not feasible
Evidence notes
The vulnerability is in the `rip_zebra_read_ipv4` function of `/usr/sbin/ripd` (Zserv Handler). The CVSS 4.0 vector indicates a network attack vector, low attack complexity, low privileges required and no user interaction. The CNA classified the flaw as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). The NVD vulnerability status is 'Deferred'. Vendor attribution is marked low confidence: the record lists 'Unknown Vendor', with a Gitee domain as the candidate reference source.
Official resources
None from the original maintainer, which no longer supports the project. Public disclosure is confirmed, and the source metadata notes that an exploit is available.