Stack-based Buffer Overflow Vulnerability in Shibby Tomato Router Firmware
CVE-2026-16097
8.7HIGH
What is CVE-2026-16097?
A security vulnerability has been discovered in Shibby Tomato 1.28, specifically within the function sub_42537C of the Scheduler Name Handler component. This vulnerability allows for a stack-based buffer overflow, which could be exploited remotely by manipulating the function's input argument. This flaw could potentially lead to unauthorized access and control over the affected system. Users are encouraged to assess their systems and consider migrating to the superior FreshTomato project as a preventive measure.
Affected Version(s)
Tomato 1.28
