Description
A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit is publicly available and might be used. This project is superseded by FreshTomato.
Problem types
Product status
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28.0000
Timeline
| 2026-07-12: | Advisory disclosed |
| 2026-07-12: | VulDB entry created |
| 2026-07-12: | VulDB entry last update |
Credits
VulDB Gitee Analyzer
VulDB CNA Team
References
vuldb.com/vuln/377895 (VDB-377895 | Shibby Tomato apcupsd tomatodata.cgi main out-of-bounds write)
vuldb.com/vuln/377895/cti (VDB-377895 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/cve/CVE-2026-15545 (CVE-2026-15545 | CVE Analysis and Report)
vuldb.com/submit/855114 (Submit #855114 | Tomato by Shibby Tomato Firmware Tomato v1.28.0000 -120 K26ARM USB AIO-64K Out-of-bounds Write)
gitee.com/Fengyi-Wang/CVE/issues/IJTQ5N