CVE-2025-11643

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...

CVE-2025-11646

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The...

CVE-2025-11643

Tomofun Furbo 360 and Furbo Mini are affected by a vulnerability in the MQTT Client Certificate handling of the /squashfs-root/furbo_img component. Manipulation can reveal hard-coded credentials and may be exploitable remotely. Affected firmware versions are Furbo 360 up to FB0035_FW_036 and Furb...

CVE-2025-11639

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...

CVE-2025-11638 Tomofun Furbo 360/Furbo Mini Bluetooth denial of service

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Bluetooth Handler. Executing manipulation can lead to denial of service. The attacker needs to be present on the local network. The firmware versions determined to be affected a...

PT-2025-41732

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A weakness exists in the UART Interface component of Tomofun Furbo 360 and Furbo Mini. Manipulation of this component can result i...