CVE-2025-11641

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The attack is considered to have high...

CVE-2025-11650 Tomofun Furbo 360/Furbo Mini Password shadow weak hash

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a...

CVE-2025-11647

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

CVE-2025-11646

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The...

CVE-2025-11644 Tomofun Furbo 360/Furbo Mini UART sensitive information

A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack i...

CVE-2025-11643 Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...

CVE-2025-11643

Tomofun Furbo 360 and Furbo Mini are affected by a vulnerability in the MQTT Client Certificate handling of the /squashfs-root/furbo_img component. Manipulation can reveal hard-coded credentials and may be exploitable remotely. Affected firmware versions are Furbo 360 up to FB0035_FW_036 and Furb...

CVE-2025-11642

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The...

CVE-2025-11639 Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...