A vulnerability was found in Shibby Tomato 1.28.0000 . It has been declared as critical . This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI . Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. This vulnerability is referenced as CVE-2026-10871 . It is possible to launch the attack remotely. Furthermore, an exploit is available. This project is superseded by FreshTomato.