28 matches found
CVE-2025-11640
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network is required for this attack. Attacks of this nature are...
CVE-2025-11639
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...
EUVD-2025-33912
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...
CVE-2025-11650
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a...
CVE-2025-11649
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...
CVE-2025-11649
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...
CVE-2025-11650 Tomofun Furbo 360/Furbo Mini Password shadow weak hash
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a...
CVE-2025-11648
The CVE-2025-11648 issue affects Tomofun Furbo 360 and Furbo Mini, specifically the TF_FQDN.json under the GATT Interface URL Handler. A server-side request forgery can be triggered by manipulating the TF_FQDN.json file, with the attack possible remotely and described as highly complex; exploitab...
CVE-2025-11647
The CVE-2025-11647 issue affects Tomofun Furbo 360 and Furbo Mini, specifically the GATT Service handling. Affects Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The root cause is manipulation of the DeviceToken argument in the GATT Service, leading to information disclosure. E...
EUVD-2025-33910
A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The...
CVE-2025-11643
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...
CVE-2025-11643
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...
CVE-2025-11643 Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...
CVE-2025-11641
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The attack is considered to have high...
CVE-2025-11642
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The...
CVE-2025-11642 Tomofun Furbo 360/Furbo Mini Registration denial of service
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The...
CVE-2025-11641 Tomofun Furbo 360/Furbo Mini Trial Restriction access control
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The attack is considered to have high...
EUVD-2025-33904
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network is required for this attack. Attacks of this nature are...
CVE-2025-11640
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network is required for this attack. Attacks of this nature are...
CVE-2025-11640 Tomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network is required for this attack. Attacks of this nature are...