Browse all 5 CVE security advisories affecting FreshTomato. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FreshTomato is an open-source firmware project for routers and network devices, focusing on enhancing functionality and performance. Historically, it has been susceptible to multiple remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from improper input validation and insecure web interfaces. Privilege escalation flaws have also been documented, allowing unauthorized access to administrative functions. With five CVEs currently recorded, the project has experienced security incidents related to command injection and authentication bypasses. These vulnerabilities typically arise from legacy code and insufficient sanitization of user-supplied data, posing risks to network infrastructure integrity.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-3991 | OS command injection vulnerability in FreshTomato 2023.3 — FreshTomatoCWE-78 | 10.0 | Critical | 2023-10-16 |
| CVE-2022-42484 | FreshTomato 操作系统命令注入漏洞 — FreshTomatoCWE-78 | 9.8 | - | 2023-01-30 |
| CVE-2022-38451 | FreshTomato 路径遍历漏洞 — FreshTomatoCWE-22 | 7.5 | - | 2023-01-30 |
| CVE-2022-28665 | FreshTomato 缓冲区错误漏洞 — FreshTomatoCWE-787 | 9.8 | - | 2022-08-05 |
| CVE-2022-28664 | FreshTomato 缓冲区错误漏洞 — FreshTomatoCWE-787 | 9.8 | - | 2022-08-05 |
This page lists every published CVE security advisory associated with FreshTomato. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.