CVE-2026-10870EPSS p80.2%

CVE-2026-10870CVE-2026-10870

Description

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is superseded by FreshTomato.

Scoring

CVSS 7.2 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS2.20% probability of exploitation · percentile 80.2% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-10872
CVE
CVE-2026-10871
CVE
CVE-2026-10873
CVE
CVE-2026-10069
CVE
CVE-2026-10124
CVE
CVE-2026-9408
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.