Submeter #831867: Tomato Tomato by Shibby 1.28.0000 MIPSR2-124 K26 USB Big-VPN command injectioninformação

TítuloTomato Tomato by Shibby 1.28.0000 MIPSR2-124 K26 USB Big-VPN command injection
Descrição`rstats` reads administrator-writable NVRAM `rstats_path`, passes it to `sub_4014AC` → `sub_4012E4`, which runs `sprintf("gzip -dc %s > /var/tmp/rstats-uncomp", path)` and `system(s)`. No shell metacharacter filtering (only `strlcpy` to 64 bytes). Web UI **Admin → Bandwidth Monitoring** (`admin-bwm.asp`): custom path field `f_user` (max 48 chars); `v_path()` only requires a leading `/` — payloads such as `/tmp/x;touch /tmp/pwned;#` are accepted.
Fonte⚠️ https://gitee.com/WH-YHUST/tomato-rc-nvram-cve/blob/master/gitee-cve-disclosure/advisories/en/05-rstats.md
Utilizador
 WH-YHUST (UID 98329)
Submissão17/05/2026 10h14 (há 19 dias)
Moderação04/06/2026 17h32 (18 days later)
EstadoAceite
Entrada VulDB368363 [Shibby Tomato 1.28.0000 Web UI /bin/rstats rstats_path Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!