CVE-2023-43512

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer...

CVE-2025-11647

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

EUVD-2025-33911

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

CVE-2025-11647

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

CVE-2025-11647

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

CVE-2025-11647 Tomofun Furbo 360/Furbo Mini GATT Service information disclosure

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

CVE-2025-11647

The CVE-2025-11647 issue affects Tomofun Furbo 360 and Furbo Mini, specifically the GATT Service handling. Affects Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The root cause is manipulation of the DeviceToken argument in the GATT Service, leading to information disclosure. E...

CVE-2025-11646 Tomofun Furbo 360/Furbo Mini GATT Service access control

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The...

CVE-2025-11646

CVE-2025-11646 affects Tomofun Furbo 360 (FB0035_FW_036 and earlier) and Furbo Mini (MC0020_FW_074 and earlier). The issue arises from improper access controls in the GATT Service component, enabling a local‑network attack. Public exploits are available. Remediation per PT Security advisory: upda...

CVE-2025-11646 Tomofun Furbo 360/Furbo Mini GATT Service access control

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The...

Tomofun Furbo 360和Tomofun Furbo Mini 访问控制错误漏洞

Tomofun Furbo 360 and Tomofun Furbo Mini are both smart pet cameras from Tomofun Corporation of Taiwan, China. An access control error vulnerability exists in Tomofun Furbo 360 FB0035FW036 and earlier versions and Tomofun Furbo Mini MC0020FW074 and earlier versions, which stems from incorrect...

PT-2025-41734

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A flaw exists in Tomofun Furbo 360 and Furbo Mini due to improper access controls within the GATT Service component. This issue ca...

EUVD-2020-5840

Malware in sbrugna...

EUVD-2023-47918

Malicious code in bioql PyPI...

EUVD-2025-23489

Malicious code in bioql PyPI...

CVE-2025-20700

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

ASB-A-364025411

In gattsprocessprimaryservicereq of gattsr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-43512

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer...

Buffer overflow

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer...

CVE-2023-43512

CVE-2023-43512 describes a transient Denial-of-Service in Qualcomm chipsets during GATT service data parsing when the total memory required by multiple services exceeds the available services buffer. Root cause: memory miscalculation during GATT parsing leads to overflow/overread in the handling ...