Stack-Based Buffer Overflow in Shibby Tomato Router Firmware
CVE-2026-15548
8.7HIGH
What is CVE-2026-15548?
A vulnerability exists in the Shibby Tomato router firmware, specifically in the DNS List Rendering component. This issue allows an attacker to manipulate the sub_407220 function within the /usr/sbin/httpd file, leading to a stack-based buffer overflow. Such an overflow can be triggered remotely, posing significant risks to the affected routers. Users are advised to consider migrating to the FreshTomato project, which supersedes the Shibby Tomato firmware and addresses these concerns.
Affected Version(s)
Tomato 1.0
Tomato 1.1
Tomato 1.2
