Enviar #831867: Tomato Tomato by Shibby 1.28.0000 MIPSR2-124 K26 USB Big-VPN command injectioninformación

TítuloTomato Tomato by Shibby 1.28.0000 MIPSR2-124 K26 USB Big-VPN command injection
Descripción`rstats` reads administrator-writable NVRAM `rstats_path`, passes it to `sub_4014AC` → `sub_4012E4`, which runs `sprintf("gzip -dc %s > /var/tmp/rstats-uncomp", path)` and `system(s)`. No shell metacharacter filtering (only `strlcpy` to 64 bytes). Web UI **Admin → Bandwidth Monitoring** (`admin-bwm.asp`): custom path field `f_user` (max 48 chars); `v_path()` only requires a leading `/` — payloads such as `/tmp/x;touch /tmp/pwned;#` are accepted.
Fuente⚠️ https://gitee.com/WH-YHUST/tomato-rc-nvram-cve/blob/master/gitee-cve-disclosure/advisories/en/05-rstats.md
Usuario
 WH-YHUST (UID 98329)
Sumisión2026-05-17 10:14 (hace 21 días)
Moderación2026-06-04 17:32 (18 days later)
EstadoAceptado
Entrada de VulDB368363 [Shibby Tomato 1.28.0000 Web UI /bin/rstats rstats_path escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!