CVE-2025-11643

Medium CVSS: 6.3

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Furbo

Product

Furbo Mini Firmware

CWE

CWE-259

Yayın Tarihi

2025-10-12 20:15:39

Güncelleme

2025-10-29 13:47:18

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-259 Furbo Mini Firmware MEDIUM Furbo 2025

Referanslar

https://vuldb.com/?ctiid.328054 https://vuldb.com/?id.328054 https://vuldb.com/?submit.661875 https://vuldb.com/?submit.661875

Benzer Kayıtlar

High

CVE-2025-11649

A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the compon…

Low

CVE-2025-11650

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the f…

Medium

CVE-2025-11648

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.…

Low

CVE-2025-11647

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component G…

Medium

CVE-2025-11646

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the compone…

Low

CVE-2025-11644

A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality…