Wh-Yhust

**Name of the Vulnerable Software and Affected Versions** Shibby Tomato version 1.28.0000 **Description** An OS command injection flaw exists in the Web UI component. The issue is located in the `start dhcpc()` function within the `/sbin/rc` file, allowing a remote attacker to execute arbitrary operating system commands. **Recommendations** Update Shibby Tomato version 1.28.0000 to FreshTomato, as the former project has been superseded by the latter. As a temporary workaround, restrict access to the Web UI component to minimize the risk of exploitation.

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start 6rd tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6 6rd borderrelay leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This project is superseded by FreshTomato.

**Name of the Vulnerable Software and Affected Versions** Shibby Tomato version 1.28.0000 **Description** An OS command injection issue exists in the Web UI component within the `start vpnserver()` function of the `/sbin/rc` file. This flaw allows a remote attacker to execute arbitrary operating system commands through manipulation. **Recommendations** For version 1.28.0000, as a temporary workaround, restrict access to the `start vpnserver()` function in the Web UI. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato.