CVE-2026-16096

Shibby · Tomato

A stack-based buffer overflow in the web monitoring module of Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124 allows remote attackers to trigger memory corruption.

Executive summary

A critical buffer overflow vulnerability in the web monitoring module of Shibby Tomato 1.28 could lead to unauthorized system impact.

Vulnerability

The vulnerability exists in the sub_40BB50 function within the web monitoring component. It requires the web monitoring feature to be enabled and administrative access to trigger the overflow remotely.

Business impact

With a CVSS score of 8.8, this vulnerability represents a significant threat. If exploited, it could allow an attacker to disrupt router operations or gain control over the affected device, resulting in potential network-wide data interception or service outages.

Remediation

Immediate Action: Migrate away from the unmaintained Shibby Tomato firmware and install FreshTomato, which has superseded this project.

Proactive Monitoring: Monitor the /proc/webmon_recent_domains file and associated web monitoring logs for anomalous activity or unexpected input strings.

Compensating Controls: Disable the web monitoring feature if it is not strictly required for network operations to reduce the attack surface.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Because the Shibby Tomato project is discontinued, no security updates will be issued. Organizations must plan a migration to a supported firmware platform immediately to ensure ongoing protection against this and other unpatched vulnerabilities.