A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. (CVE-2026-16096)
A stack-based buffer overflow vulnerability exists in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124, specifically in the function sub_40BB50 of the /proc/webmon_recent_domains file. This vulnerability can be exploited remotely and allows for potential compromise of the affected device. The project has been superseded by FreshTomato. No patch or official remediation is currently documented.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2026-16096 affects Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. It involves a stack-based buffer overflow in the function sub_40BB50 within the /proc/webmon_recent_domains file. This flaw can be triggered remotely, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). There is no indication of an available patch or official fix, and the project has been superseded by FreshTomato, suggesting users should consider migration.
Potential Impact
Successful exploitation of this vulnerability could lead to remote code execution or denial of service on affected devices running Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This compromises device integrity and availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Users are advised to consider migrating to the FreshTomato project, which supersedes Shibby Tomato, to obtain updated and maintained firmware. Monitor vendor advisories for any future patches or mitigations.
A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. (CVE-2026-16096)
Description
A stack-based buffer overflow vulnerability exists in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124, specifically in the function sub_40BB50 of the /proc/webmon_recent_domains file. This vulnerability can be exploited remotely and allows for potential compromise of the affected device. The project has been superseded by FreshTomato. No patch or official remediation is currently documented.
CVSS v4.0
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability identified as CVE-2026-16096 affects Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. It involves a stack-based buffer overflow in the function sub_40BB50 within the /proc/webmon_recent_domains file. This flaw can be triggered remotely, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). There is no indication of an available patch or official fix, and the project has been superseded by FreshTomato, suggesting users should consider migration.
Potential Impact
Successful exploitation of this vulnerability could lead to remote code execution or denial of service on affected devices running Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This compromises device integrity and availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Users are advised to consider migrating to the FreshTomato project, which supersedes Shibby Tomato, to obtain updated and maintained firmware. Monitor vendor advisories for any future patches or mitigations.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-3pw4-v8p8-wpvg
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-16096"]
- Ecosystems
- []
- Database Specific Severity
- HIGH
- Cvss Version
- 4.0
Threat ID: 6a5bd31b2a4a8d598928541f
Added to database: 07/18/2026, 19:25:15 UTC
Last enriched: 07/18/2026, 19:28:59 UTC
Last updated: 07/18/2026, 21:26:34 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.