Description
A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-05-29
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the sub_90F0 function of multimon.cgi within Shibby Tomato. An attacker can craft input that overwrites the stack, potentially allowing execution of arbitrary code on the affected system. The weakness is classified as CWE-119 and CWE-121 and can compromise confidentiality, integrity, and availability of the host. The CVSS score of 8.7 indicates a high-severity flaw with considerable impact.

Affected Systems

The flaw affects Shibby Tomato version 1.28. No other versions are currently listed as vulnerable. The product is no longer supported by its maintainer and has been superseded by FreshTomato, limiting its deployment to legacy installations.

Risk and Exploitability

The attack can be launched remotely, and while no EPSS score is available, the high CVSS rating indicates a serious threat. The vulnerability is not listed in the CISA KEV catalog, but its remote nature and lack of official support increase the risk of exploitation. Without a maintainer, the best chance of mitigation is to upgrade to a supported product or apply an official patch if available.

Generated by OpenCVE AI on May 29, 2026 at 17:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied patch for Shibby Tomato 1.28 that addresses the buffer overflow
  • If no patch is available, upgrade to FreshTomato or another actively supported firmware
  • Configure network controls to block remote access to multimon.cgi and limit exposure of the affected service

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.
Title | | Shibby Tomato multimon.cgi sub_90F0 stack-based overflow
First Time appeared | | Shibby; Shibby tomato
Weaknesses | | CWE-119; CWE-121
CPEs | | cpe:2.3:a:shibby:tomato:*:*:*:*:*:*:*:*
Vendors & Products | | Shibby; Shibby tomato
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-29T15:30:15.150Z

Reserved: 2026-05-29T08:32:32.209Z

Link: CVE-2026-10067

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-29T16:16:23.563

Modified: 2026-05-29T16:29:11.350

Link: CVE-2026-10067

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T17:45:04Z

Weaknesses