CVE-2026-10871

Sažetak

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This project is superseded by FreshTomato.

Reference

https://gitee.com/WH-YHUST/tomato-rc-nvram-cve/blob/master/gitee-cve-disclosure/advisories/en/02-start_6rd_tunnel.md
https://gitee.com/WH-YHUST/tomato-rc-nvram-cve/blob/master/gitee-cve-disclosure/advisories/zh/02-start_6rd_tunnel.md
https://vuldb.com/cve/CVE-2026-10871
https://vuldb.com/submit/831857
https://vuldb.com/vuln/368361
https://vuldb.com/vuln/368361/cti

CVSS

Base:	8.3
Impact:	10.0
Exploitability:	6.4

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:M/C:C/I:C/A:C

Zadnje važnije ažuriranje

05-06-2026 - 13:26

Objavljeno

04-06-2026 - 22:16