38 matches found
MINI-FWQP-9JXC-5GW9
Bulletin has no description...
MINI-FWMP-5CMM-VH5G
Bulletin has no description...
MINI-FW39-RJCJ-56MG
Bulletin has no description...
MINI-FW96-R3M6-J6R4
Bulletin has no description...
MINI-PCFW-63X3-W5R8
Bulletin has no description...
MINI-FMPW-G975-4R5W
Bulletin has no description...
MINI-524R-FW5M-49GW
Bulletin has no description...
MINI-CFW4-F9CG-64VM
Bulletin has no description...
CVE-2025-11640
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network is required for this attack. Attacks of this nature are...
CVE-2025-11639
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...
EUVD-2025-33912
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...
CVE-2025-11650
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a...
CVE-2025-11649
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...
CVE-2025-11649
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...
CVE-2025-11650 Tomofun Furbo 360/Furbo Mini Password shadow weak hash
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a...
CVE-2025-11648
The CVE-2025-11648 issue affects Tomofun Furbo 360 and Furbo Mini, specifically the TF_FQDN.json under the GATT Interface URL Handler. A server-side request forgery can be triggered by manipulating the TF_FQDN.json file, with the attack possible remotely and described as highly complex; exploitab...
CVE-2025-11647
The CVE-2025-11647 issue affects Tomofun Furbo 360 and Furbo Mini, specifically the GATT Service handling. Affects Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The root cause is manipulation of the DeviceToken argument in the GATT Service, leading to information disclosure. E...
EUVD-2025-33910
A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The...
CVE-2025-11643
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...
CVE-2025-11643
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...