Description
A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato.
Problem types
Product status
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28.0000
Timeline
| 2026-07-12: | Advisory disclosed |
| 2026-07-12: | VulDB entry created |
| 2026-07-12: | VulDB entry last update |
Credits
VulDB Gitee Analyzer
VulDB CNA Team
References
vuldb.com/vuln/377894 (VDB-377894 | Shibby Tomato apcupsd tomatodata.cgi getupsvar stack-based overflow)
vuldb.com/vuln/377894/cti (VDB-377894 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/cve/CVE-2026-15544 (CVE-2026-15544 | CVE Analysis and Report)
vuldb.com/submit/855110 (Submit #855110 | Tomato by Shibby Tomato Firmware 1.28 Stack-based Buffer Overflow)
gitee.com/Fengyi-Wang/CVE/issues/IJTQ5M