CVE-2025-11647

Low CVSS: 2.3

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is needed for the attack. The exploitability is assessed as difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Furbo

Product

Furbo Mini Firmware

CWE

CWE-200

Yayın Tarihi

2025-10-12 22:15:32

Güncelleme

2025-10-28 01:58:51

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-200 Furbo Mini Firmware LOW Furbo 2025

Referanslar

https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-DeviceToken.md https://vuldb.com/?ctiid.328058 https://vuldb.com/?id.328058 https://vuldb.com/?submit.662767 https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-DeviceToken.md

Benzer Kayıtlar

High

CVE-2025-11649

A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the compon…

Low

CVE-2025-11650

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the f…

Medium

CVE-2025-11648

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.…

Medium

CVE-2025-11646

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the compone…

Medium

CVE-2025-11643

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown fu…

Low

CVE-2025-11644

A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality…