What is GHSA-87h4-4j7r-7jc2?

GHSA-87h4-4j7r-7jc2 is a security advisory published by GitHub Security Advisories with High severity. A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path...

Which CVE IDs does GHSA-87h4-4j7r-7jc2 cover?

GHSA-87h4-4j7r-7jc2 covers the following CVE IDs: CVE-2026-10873. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-87h4-4j7r-7jc2?

GHSA-87h4-4j7r-7jc2 has a CVSS v3 base score of 7.2, published by GitHub Security Advisories.

GHSA-87h4-4j7r-7jc2HighCVSS 7.2

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path...

Vendor

GitHub Security Advisories

Published

June 5, 2026

Last Modified

June 5, 2026

🔗 CVE IDs covered (1)

CVE-2026-10873 →

📋 Description

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato.

🔗 References (9)

https://nvd.nist.gov/vuln/detail/CVE-2026-10873
https://gitee.com/WH-YHUST/tomato-rc-nvram-cve/blob/master/gitee-cve-disclosure/advisories/en/05-rstats.md
https://gitee.com/WH-YHUST/tomato-rc-nvram-cve/blob/master/gitee-cve-disclosure/advisories/zh/05-rstats.md
https://vuldb.com/cve/CVE-2026-10873
https://vuldb.com/submit/831866
https://vuldb.com/submit/831867
https://vuldb.com/vuln/368363
https://vuldb.com/vuln/368363/cti
https://github.com/advisories/GHSA-87h4-4j7r-7jc2