CVE-2026-15545
Received Received - Intake

Out-of-Bounds Write in Shibby Tomato apcupsd Component

Vulnerability report for CVE-2026-15545, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit is publicly available and might be used. This project is superseded by FreshTomato.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
shibby tomato to 1.28.0000 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-15545 is an out-of-bounds NUL byte write vulnerability found in the main() function of three apcupsd CGI programs (tomatodata.cgi, tomatoups.cgi, multimon.cgi) within the Tomato by Shibby firmware.

The vulnerability occurs during parsing of the /usr/local/apcupsd/multimon.conf configuration file due to an incorrect array index calculation. This causes a NUL byte to be written beyond the bounds of a 4096-byte stack buffer, leading to stack corruption.

Stack corruption can alter saved registers and return addresses, potentially causing crashes or enabling control-flow hijacking.

The attack requires local write access to the configuration file but can be launched remotely in some contexts.

Impact Analysis

This vulnerability can lead to stack corruption, which may cause the affected system to crash or allow an attacker to hijack the control flow of the program.

Such control-flow hijacking could enable execution of arbitrary code, potentially compromising the security and stability of the device running the vulnerable firmware.

Since the exploit is publicly available, attackers might use it to target systems running the affected Tomato by Shibby firmware version 1.28.0000.

Detection Guidance

This vulnerability involves an out-of-bounds NUL byte write in the main function of apcupsd CGI programs within the Tomato by Shibby firmware, triggered by parsing the /usr/local/apcupsd/multimon.conf configuration file.

Detection can focus on verifying the presence of the vulnerable firmware version (Tomato v1.28.0000 -120 K26ARM USB AIO-64K) and checking the integrity or unexpected modifications of the /usr/local/apcupsd/multimon.conf file.

Since the vulnerability requires local write access to the configuration file, monitoring for unauthorized changes to this file can help detect potential exploitation attempts.

Suggested commands to detect the vulnerability or signs of exploitation include:

  • Check firmware version: `cat /etc/version` or equivalent to confirm if running Tomato v1.28.0000.
  • Verify the modification time and integrity of the configuration file: `ls -l /usr/local/apcupsd/multimon.conf` and `md5sum /usr/local/apcupsd/multimon.conf`.
  • Monitor system logs for crashes or abnormal behavior of apcupsd CGI programs, which may indicate exploitation attempts.
  • Use debugging tools like GDB or QEMU user-mode emulation (if applicable) to analyze the behavior of the apcupsd CGI binaries for signs of stack corruption.
Mitigation Strategies

Immediate mitigation steps include:

  • Prevent unauthorized local write access to the /usr/local/apcupsd/multimon.conf configuration file by restricting permissions and access controls.
  • Upgrade or migrate from the vulnerable Shibby Tomato firmware (up to version 1.28.0000) to a maintained and patched alternative such as FreshTomato, which supersedes the affected project.
  • Monitor and audit the system for any signs of exploitation or unexpected behavior in the apcupsd CGI programs.
  • If upgrading immediately is not possible, consider disabling or restricting access to the vulnerable apcupsd CGI components to reduce exposure.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15545. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart