CVE-2026-16096
Shibby · Tomato
A stack-based buffer overflow in the web monitoring module of Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124 allows remote attackers to trigger memory corruption.
Executive summary
A critical buffer overflow vulnerability in the web monitoring module of Shibby Tomato 1.28 could lead to unauthorized system impact.
Vulnerability
The vulnerability exists in the sub_40BB50 function within the web monitoring component. It requires the web monitoring feature to be enabled and administrative access to trigger the overflow remotely.
Business impact
With a CVSS score of 8.8, this vulnerability represents a significant threat. If exploited, it could allow an attacker to disrupt router operations or gain control over the affected device, resulting in potential network-wide data interception or service outages.
Remediation
Immediate Action: Migrate away from the unmaintained Shibby Tomato firmware and install FreshTomato, which has superseded this project.
Proactive Monitoring: Monitor the /proc/webmon_recent_domains file and associated web monitoring logs for anomalous activity or unexpected input strings.
Compensating Controls: Disable the web monitoring feature if it is not strictly required for network operations to reduce the attack surface.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Because the Shibby Tomato project is discontinued, no security updates will be issued. Organizations must plan a migration to a supported firmware platform immediately to ensure ongoing protection against this and other unpatched vulnerabilities.