These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A low-severity vulnerability has been identified in Shibby Tomato up to 1.28.0000. The weakness affects the CIFS Mount Handler component, specifically the sub_2D048 function, and can lead to OS command injection through manipulation of the cifs1/cifs2 argument. The vulnerability can be exploited remotely, and a public exploit is available. However, the project is superseded by FreshTomato. This vulnerabil [truncated]
A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing a manipulation of the argument jffs2_exec results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. This project is superseded by FreshTomato. The vulner [truncated]
A vulnerability was identified in Shibby Tomato up to 1.28.0000, affecting the function main of the file www/apcupsd/tomatodata.cgi in the apcupsd component, leading to out-of-bounds write. The attack may be launched remotely. This project is superseded by FreshTomato. Users should review and apply patches. Evidence is limited to CVE and NVD details. Defenders should verify affected product deployments an [truncated]
A stack-based buffer overflow vulnerability was determined in Shibby Tomato up to 1.28.0000. The affected function is getupsvar in the file www/apcupsd/tomatodata.cgi of the apcupsd component. This issue allows for remote exploitation. The project is superseded by FreshTomato. Users should be aware of the potential risks associated with this vulnerability and take necessary actions to mitigate them.
A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato.
A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This project is superseded by FreshTomato.
A HIGH severity vulnerability has been identified in Shibby Tomato 1.28.0000. The vulnerability, tracked as CVE-2026-10870, is caused by a flaw in the start_dhcpc function of the /sbin/rc file in the Web UI component. This flaw allows for os command injection, which can be exploited remotely. The CVSS score for this vulnerability is 7.3. The vulnerability has been publicly disclosed and an exploit has bee [truncated]
A stack-based buffer overflow vulnerability exists in the `rip_zebra_read_ipv4` function within `/usr/sbin/ripd` of the Zserv Handler component in Shibby Tomato firmware versions up to 1.28. The vulnerability is remotely exploitable and has been publicly disclosed. Shibby Tomato is a superseded project; users should migrate to FreshTomato, which is the actively maintained successor. The affected product i [truncated]
A resource consumption vulnerability in Shibby Tomato 1.28's miniupnpd component allows remote attackers to exhaust system resources. The affected firmware is end-of-life and superseded by FreshTomato.
A server-side request forgery (SSRF) vulnerability exists in the SUBSCRIBE Call Handler component of Shibby Tomato 1.28, specifically within the send function of usr/sbin/miniupnpd. The vulnerability allows remote attackers to manipulate the affected function to initiate unauthorized requests from the server. This issue affects a firmware project that has been superseded by FreshTomato and is no longer ma [truncated]
A stack-based buffer overflow vulnerability exists in the `sub_90F0` function within the `multimon.cgi` file of Shibby Tomato firmware version 1.28. The vulnerability can be exploited remotely to achieve code execution. Shibby Tomato is a discontinued project superseded by FreshTomato, and affected versions are no longer maintained by the original vendor.
A stack-based buffer overflow vulnerability exists in Shibby Tomato firmware up to version 1.28, specifically within the `sub_9068` function of the `tomatoups.cgi` file in the UPS Service component. The vulnerability allows remote attackers to trigger memory corruption through crafted input. This affects a deprecated firmware project that has been superseded by FreshTomato; the affected products are no lo [truncated]
A stack-based buffer overflow vulnerability exists in Shibby Tomato firmware version 1.28, specifically within the `get_ups_field` function of the `tomatodata.cgi` file. The vulnerability is triggered by manipulating the `Date` argument, which can be exploited remotely to achieve code execution. The affected product is end-of-life and superseded by FreshTomato, with no ongoing support from the original ma [truncated]