8 matches found
EUVD-2025-33911
A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...
EUVD-2025-33915
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a...
CVE-2025-11649 Tomofun Furbo 360/Furbo Mini Root Account hard-coded password
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...
CVE-2025-11648
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TFFQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are high...
CVE-2025-11647
A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...
CVE-2025-11646
CVE-2025-11646 affects Tomofun Furbo 360 (FB0035_FW_036 and earlier) and Furbo Mini (MC0020_FW_074 and earlier). The issue arises from improper access controls in the GATT Service component, enabling a local‑network attack. Public exploits are available. Remediation per PT Security advisory: upda...
CVE-2025-11641
CVE-2025-11641 (Tomofun Furbo 360/ Mini) affects the Trail Restriction Handler component, causing improper access controls. Affects Furbo 360 < FB0035_FW_036 and Furbo Mini
CVE-2025-11633 Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validation
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function uploadfiletos3 of the file collectlogs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The attack may be initiated remotely. The attack i...