Stack-Based Buffer Overflow in Shibby Tomato Router Firmware
CVE-2026-15548

8.7HIGH

Key Information:

Vendor

Shibby

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-15548?

A vulnerability exists in the Shibby Tomato router firmware, specifically in the DNS List Rendering component. This issue allows an attacker to manipulate the sub_407220 function within the /usr/sbin/httpd file, leading to a stack-based buffer overflow. Such an overflow can be triggered remotely, posing significant risks to the affected routers. Users are advised to consider migrating to the FreshTomato project, which supersedes the Shibby Tomato firmware and addresses these concerns.

Affected Version(s)

Tomato 1.0

Tomato 1.1

Tomato 1.2

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cormac315 (VulDB User)
VulDB CNA Team
.