Aggregates CVE and security vulnerability intelligence across all freshtomato-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk path handling and related problems; some flaws may lead to vendor impact memory corruption and vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-3991 | An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 10.0 | 1.28% | 2023-10-16 | 2024-11-21 |
| CVE-2022-42484 | An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 9.8 | 0.62% | 2023-01-30 | 2024-11-21 |
| CVE-2022-38451 | A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 7.5 | 4.19% | 2023-01-30 | 2024-11-21 |
| CVE-2022-28665 | A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The `freshtomato-arm` has a vulnerable URL-decoding feature that can lead to memory corruption. | [email protected] | 9.8 | 3.96% | 2022-08-05 | 2024-11-21 |
| CVE-2022-28664 | A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The `freshtomato-mips` has a vulnerable URL-decoding feature that can lead to memory corruption. | [email protected] | 9.8 | 3.27% | 2022-08-05 | 2024-11-21 |