CVE-2026-10873
Received Received - Intake
BaseFortify

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: VulDB

Description
A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-05
AI Q&A
2026-06-05
EPSS Evaluated
N/A
NVD
CVE-2026-10873
EUVD
EUVD-2026-34340
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
shibby_tomato tomato 1.28.0000
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Shibby Tomato version 1.28.0000, specifically in the rstats_path function of the /bin/rstats file within the Web UI component.

An attacker can remotely manipulate this function to perform OS command injection, which means they can execute arbitrary operating system commands on the affected device.

The vulnerability has been publicly disclosed and may be actively exploited.


How can this vulnerability impact me? :

This vulnerability can have severe impacts because it allows a remote attacker to execute arbitrary OS commands on the affected system.

  • Compromise of system confidentiality, integrity, and availability.
  • Potential full control over the affected device by the attacker.
  • Disruption of services or unauthorized access to sensitive data.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart