Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
CVE-2026-10124: Shibby Tomato 1.28 Zserv Handler IPv4 Overflow
CVE-2026-10124
Summary
A security flaw in Shibby Tomato's Zserv Handler allows an attacker to execute malicious code remotely, potentially disrupting your network. This issue affects older, unsupported versions of Shibby Tomato. If you're still using Shibby Tomato, it's recommended to update to a newer, supported version or consider switching to a different firmware.
Original title
A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead...
Original description
A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 30 May 2026 · Updated: 1 Jun 2026 · First seen: 30 May 2026