CVE-2026-15548
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-15548, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The manipulation leads to stack-based buffer overflow. The attack is possible to be carried out remotely. This project is superseded by FreshTomato.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
shibby_tomato tomato to 1.28.0000 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-15548 is a stack-based buffer overflow vulnerability found in the Tomato firmware, specifically in the DNS list rendering function sub_407220 within the /usr/sbin/httpd file.

The vulnerable function allocates a fixed 128-byte buffer on the stack and uses unsafe sprintf operations to append DNS entries without verifying if the buffer size is sufficient.

When there are 8 DNS entries, the generated string exceeds the buffer size by 19 bytes, causing a stack overflow.

This overflow can be exploited remotely to crash the httpd management service or potentially corrupt adjacent stack memory.

This vulnerability is distinct from other Tomato vulnerabilities because it involves an accumulated sprintf stack overflow rather than issues related to system() or popen() calls.

Impact Analysis

This vulnerability can be exploited remotely to cause a stack-based buffer overflow in the httpd management service of affected Tomato firmware devices.

The immediate impact includes crashing the httpd service, which may lead to denial of service (DoS) conditions.

More severe impacts could involve corruption of adjacent stack memory, potentially allowing an attacker to execute arbitrary code or gain elevated privileges.

Detection Guidance

This vulnerability can be detected by monitoring the behavior of the httpd management service on affected Tomato firmware devices, particularly looking for crashes or abnormal terminations caused by stack-based buffer overflow in the DNS list rendering function.

Since the vulnerability arises from unsafe sprintf operations when rendering DNS entries, detection can involve checking the number of DNS entries configured. Specifically, having 8 or more DNS entries may trigger the overflow.

A practical detection approach is to attempt to reproduce the overflow condition by configuring 8 or more DNS entries and observing if the httpd service crashes.

Commands to check the number of DNS entries or to monitor the httpd process logs might include:

  • Use router or device CLI to list DNS entries (command varies by device).
  • Monitor httpd process status: `ps aux | grep httpd`
  • Check system logs for httpd crashes: `dmesg | grep httpd` or `logread | grep httpd`
  • Attempt to add 8 or more DNS entries and observe if the httpd service crashes or restarts.
Mitigation Strategies

Immediate mitigation steps include avoiding the use of 8 or more DNS entries in the affected Tomato firmware to prevent triggering the stack-based buffer overflow.

Since the vulnerability affects the httpd management service, monitoring and restarting the service if it crashes can help maintain availability.

Upgrading to a firmware version that is not affected, such as switching from Shibby Tomato to the superseding FreshTomato project, is recommended for a long-term fix.

If upgrading is not immediately possible, consider limiting remote access to the httpd management interface to trusted networks or IP addresses to reduce exposure.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15548. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart