CVE-2026-10872 | Shibby Tomato 1.28.0000 Web UI /sbin/rc start_vpnserver os command injection

A vulnerability was found in Shibby Tomato 1.28.0000. It has been rated as critical. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection.

This vulnerability is identified as CVE-2026-10872. The attack can be initiated remotely. Additionally, an exploit exists.

This project is superseded by FreshTomato.VulDB Recent EntriesRead More