Description
A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The manipulation leads to stack-based buffer overflow. The attack is possible to be carried out remotely. This project is superseded by FreshTomato.
Problem types
Product status
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28.0000
Timeline
| 2026-07-12: | Advisory disclosed |
| 2026-07-12: | VulDB entry created |
| 2026-07-12: | VulDB entry last update |
Credits
Cormac315 (VulDB User)
VulDB CNA Team
References
vuldb.com/vuln/377898 (VDB-377898 | Shibby Tomato DNS List Rendering httpd sub_407220 stack-based overflow)
vuldb.com/vuln/377898/cti (VDB-377898 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/cve/CVE-2026-15548 (CVE-2026-15548 | CVE Analysis and Report)
vuldb.com/submit/855121 (Submit #855121 | Tomato by Shibby Tomato Firmware Tomato v1.28 RT-N5x MIPSR2 build 132 Max Stack-based Buffer Overflow)
gitee.com/Fengyi-Wang/CVE/issues/IJTQ5R