Description
A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This project is superseded by FreshTomato.
Published: 2026-06-04
Score: 8.6 High
EPSS: 2.2% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in Shibby Tomato firmware version 1.28.0000, in the ‘start_6rd_tunnel’ function of the /sbin/rc file accessed via the Web UI. By supplying a crafted value for the ipv6_6rd_borderrelay argument, a remote attacker can cause the router to execute arbitrary shell commands, resulting in remote code execution and full compromise of the device. The flaw is a classic OS command injection (CWE‑77/CWE‑78). The description states the attack can be launched remotely; it does not explicitly state whether authentication is required, so it is inferred that the vulnerable function does not enforce authentication.

Affected Systems

Affected products are devices running Shibby Tomato 1.28.0000 firmware. The vulnerability is specific to the Web UI component that calls the 6rd_tunnel startup routine. No other versions or products are listed as impacted.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity. The EPSS score of 2% shows a low probability of exploitation at the present time. The vulnerability is not listed in the CISA KEV catalog. While the description indicates the exploit is public and can be launched remotely, the low EPSS suggests that exploitation in the wild is currently unlikely.

Generated by OpenCVE AI on June 18, 2026 at 07:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that includes the patch for the start_6rd_tunnel function, such as the latest release of Shibby Tomato or the FreshTomato fork.
  • If an update is not immediately available, disable the 6rd_tunnel feature or block remote access to the router’s Web UI.
  • Implement network‑level controls to restrict management traffic to the router, such as firewall rules or VLAN segmentation, to limit the exposure of the vulnerable endpoint.

Generated by OpenCVE AI on June 18, 2026 at 07:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This project is superseded by FreshTomato.
Title Shibby Tomato Web UI rc start_6rd_tunnel os command injection
First Time appeared Shibby
Shibby tomato
Weaknesses CWE-77
CWE-78
CPEs cpe:2.3:a:shibby:tomato:*:*:*:*:*:*:*:*
Vendors & Products Shibby
Shibby tomato
References
Metrics cvssV2_0

{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Shibby Tomato
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T18:30:59.580Z

Reserved: 2026-06-04T15:32:00.393Z

Link: CVE-2026-10871

cve-icon Vulnrichment

Updated: 2026-06-08T18:30:57.274Z

cve-icon NVD

Status : Deferred

Published: 2026-06-04T22:16:52.063

Modified: 2026-06-05T13:26:15.113

Link: CVE-2026-10871

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T07:30:05Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')