A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handl…

A stack-based buffer overflow vulnerability (CVE-2026-10124) was discovered in Shibby Tomato firmware up to version 1.28. The vulnerability affects the rip_zebra_read_ipv4 function in the /usr/sbin/ripd file within the Zserv Handler component. This flaw can be exploited remotely through manipulation attacks. The exploit code has been publicly disclosed and is available for use. The affected Shibby Tomato project is no longer maintained and has been superseded by FreshTomato. This vulnerability only impacts products that are no longer supported by their maintainer.