A vulnerability was found in Shibby Tomato 1.28.0000 . It has been classified as critical . This affects the function start_dhcpc of the file /sbin/rc of the component Web UI . This manipulation causes os command injection. The identification of this vulnerability is CVE-2026-10870 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This project is superseded by FreshTomato.