CVE-2026-10871

Published: Giu 05, 2026 Last Modified: Giu 05, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH 7,2
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 8,3
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: multiple
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This project is superseded by FreshTomato.

77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Non-Repudiation
Potential Impacts:
Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories Modify Files Or Directories Read Application Data Modify Application Data Hide Activities
Applicable Platforms
Technologies: Not Technology-Specific, AI/ML, Web Server
Likelihood of Exploit: High
View CWE Details
https://gitee.com/WH-YHUST/tomato-rc-nvram-cve/blob/master/…
https://gitee.com/WH-YHUST/tomato-rc-nvram-cve/blob/master/gitee-cve-disclosure…
https://gitee.com/WH-YHUST/tomato-rc-nvram-cve/blob/master/…
https://gitee.com/WH-YHUST/tomato-rc-nvram-cve/blob/master/gitee-cve-disclosure…
https://vuldb.com/cve/CVE-2026-10871
https://vuldb.com/cve/CVE-2026-10871
https://vuldb.com/submit/831857
https://vuldb.com/submit/831857
https://vuldb.com/vuln/368361
https://vuldb.com/vuln/368361
https://vuldb.com/vuln/368361/cti
https://vuldb.com/vuln/368361/cti