Vulnerabilities related to Tomofun - Furbo 360
CVE-2025-11643 (GCVE-0-2025-11643)
Vulnerability from cvelistv5
Published
2025-10-12 19:32
Modified
2025-10-12 19:32
CWE
  • CWE-798 - Hard-coded Credentials
  • CWE-259 - Use of Hard-coded Password
Summary
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328054 (vdb-entry)
https://vuldb.com/?ctiid.328054 (signature, permissions-required)
https://vuldb.com/?submit.661875 (third-party-advisory)
Impacted products


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "MQTT Client Certificate"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "MQTT Client Certificate"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tomofun Furbo 360 and Furbo Mini wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /squashfs-root/furbo_img der Komponente MQTT Client Certificate. Mittels Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T19:32:05.829Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328054 | Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328054"
        },
        {
          "name": "VDB-328054 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328054"
        },
        {
          "name": "Submit #661875 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Hardcoded Credentials",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661875"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11643",
    "datePublished": "2025-10-12T19:32:05.829Z",
    "dateReserved": "2025-10-11T18:32:53.176Z",
    "dateUpdated": "2025-10-12T19:32:05.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11637 (GCVE-0-2025-11637)
Vulnerability from cvelistv5
Published
2025-10-12 16:32
Modified
2025-10-12 16:32
CWE
  • CWE-362 - Race Condition
Summary
A vulnerability was detected in Tomofun Furbo 360 up to FB0035_FW_036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328048 (vdb-entry)
https://vuldb.com/?ctiid.328048 (signature, permissions-required)
https://vuldb.com/?submit.661362 (third-party-advisory)
Impacted products
Vendor Product Version
Tomofun Furbo 360 Version: FB0035_FW_036


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "Audio Handler"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "FB0035_FW_036"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Tomofun Furbo 360 up to FB0035_FW_036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tomofun Furbo 360 up to FB0035_FW_036 gefunden. Es ist betroffen eine unbekannte Funktion der Komponente Audio Handler. Dank der Manipulation mit unbekannten Daten kann eine race condition-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T16:32:06.156Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328048 | Tomofun Furbo 360 Audio race condition",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328048"
        },
        {
          "name": "VDB-328048 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328048"
        },
        {
          "name": "Submit #661362 | Tomofun Furbo 360 \u2264 FB0035_FW_036 Race Condition",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661362"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:28.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360 Audio race condition"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11637",
    "datePublished": "2025-10-12T16:32:06.156Z",
    "dateReserved": "2025-10-11T18:32:31.274Z",
    "dateUpdated": "2025-10-12T16:32:06.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11640 (GCVE-0-2025-11640)
Vulnerability from cvelistv5
Published
2025-10-12 18:02
Modified
2025-10-12 18:02
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
  • CWE-310 - Cryptographic Issues
Summary
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network is required for this attack. Attacks of this nature are highly complex. The exploitability is reported as difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328051 (vdb-entry)
https://vuldb.com/?ctiid.328051 (signature, permissions-required)
https://vuldb.com/?submit.661374 (third-party-advisory)
Impacted products


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "Bluetooth Low Energy"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Bluetooth Low Energy"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network is required for this attack. Attacks of this nature are highly complex. The exploitability is reported as difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tomofun Furbo 360 and Furbo Mini ist eine Schwachstelle entdeckt worden. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Bluetooth Low Energy. Durch die Manipulation mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausf\u00fchrung eines Exploits gilt als schwer."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.8,
            "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "Cryptographic Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T18:02:05.077Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328051 | Tomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328051"
        },
        {
          "name": "VDB-328051 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328051"
        },
        {
          "name": "Submit #661374 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Plaintext Transmission of Sensitive Information",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661374"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:42.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11640",
    "datePublished": "2025-10-12T18:02:05.077Z",
    "dateReserved": "2025-10-11T18:32:40.332Z",
    "dateUpdated": "2025-10-12T18:02:05.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11636 (GCVE-0-2025-11636)
Vulnerability from cvelistv5
Published
2025-10-12 15:02
Modified
2025-10-12 15:02
CWE
  • CWE-918 - Server-Side Request Forgery
Summary
A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328047 (vdb-entry)
https://vuldb.com/?ctiid.328047 (signature, permissions-required)
https://vuldb.com/?submit.661361 (third-party-advisory)
Impacted products
Vendor Product Version
Tomofun Furbo 360 Version: FB0035_FW_036


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "Account Handler"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "FB0035_FW_036"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tomofun Furbo 360 up to FB0035_FW_036 ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Funktion der Komponente Account Handler. Die Bearbeitung verursacht server-side request forgery. Ein Angriff ist aus der Distanz m\u00f6glich. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.1,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T15:02:04.833Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328047 | Tomofun Furbo 360 Account server-side request forgery",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328047"
        },
        {
          "name": "VDB-328047 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328047"
        },
        {
          "name": "Submit #661361 | Tomofun Furbo 360 \u2264 FB0035_FW_036 Server Side Request Forgery",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661361"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:26.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360 Account server-side request forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11636",
    "datePublished": "2025-10-12T15:02:04.833Z",
    "dateReserved": "2025-10-11T18:32:28.353Z",
    "dateUpdated": "2025-10-12T15:02:04.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11642 (GCVE-0-2025-11642)
Vulnerability from cvelistv5
Published
2025-10-12 19:02
Modified
2025-10-12 19:02
CWE
  • CWE-404 - Denial of Service
Summary
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The exploitability is told to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328053 (vdb-entry)
https://vuldb.com/?ctiid.328053 (signature, permissions-required)
https://vuldb.com/?submit.661380 (third-party-advisory)
Impacted products


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "Registration Handler"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Registration Handler"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The exploitability is told to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Tomofun Furbo 360 and Furbo Mini entdeckt. Dabei betrifft es einen unbekannter Codeteil der Komponente Registration Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Ein Angriff auf das physische Ger\u00e4t kann durchgef\u00fchrt werden. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Die Ausnutzung wird als schwierig beschrieben."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.8,
            "vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:C/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T19:02:05.229Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328053 | Tomofun Furbo 360/Furbo Mini Registration denial of service",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328053"
        },
        {
          "name": "VDB-328053 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328053"
        },
        {
          "name": "Submit #661380 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Application Logic Bypass Leading to Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661380"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini Registration denial of service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11642",
    "datePublished": "2025-10-12T19:02:05.229Z",
    "dateReserved": "2025-10-11T18:32:50.144Z",
    "dateUpdated": "2025-10-12T19:02:05.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11639 (GCVE-0-2025-11639)
Vulnerability from cvelistv5
Published
2025-10-12 17:32
Modified
2025-10-12 17:32
CWE
  • CWE-922 - Insecure Storage of Sensitive Information
  • CWE-200 - Information Disclosure
Summary
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328050 (vdb-entry)
https://vuldb.com/?ctiid.328050 (signature, permissions-required)
https://vuldb.com/?submit.661364 (third-party-advisory)
https://vuldb.com/?submit.661876 (third-party-advisory)
Impacted products


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "Debug Log S3 Bucket Handler"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Debug Log S3 Bucket Handler"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tomofun Furbo 360 and Furbo Mini wurde eine Schwachstelle gefunden. Es betrifft eine unbekannte Funktion der Datei collect_logs.sh der Komponente Debug Log S3 Bucket Handler. Mit der Manipulation mit unbekannten Daten kann eine insecure storage of sensitive information-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-922",
              "description": "Insecure Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T17:32:04.778Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328050 | Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328050"
        },
        {
          "name": "VDB-328050 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328050"
        },
        {
          "name": "Submit #661364 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Insecure Storage of Sensitive Information",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661364"
        },
        {
          "name": "Submit #661876 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Insecure Storage of Sensitve Information (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661876"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:32.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11639",
    "datePublished": "2025-10-12T17:32:04.778Z",
    "dateReserved": "2025-10-11T18:32:37.387Z",
    "dateUpdated": "2025-10-12T17:32:04.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11635 (GCVE-0-2025-11635)
Vulnerability from cvelistv5
Published
2025-10-12 14:02
Modified
2025-10-12 14:02
CWE
Summary
A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328046 (vdb-entry)
https://vuldb.com/?ctiid.328046 (signature, permissions-required)
https://vuldb.com/?submit.661354 (third-party-advisory)
Impacted products
Vendor Product Version
Tomofun Furbo 360 Version: FB0035_FW_036


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "File Upload"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "FB0035_FW_036"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tomofun Furbo 360 up to FB0035_FW_036 wurde eine Schwachstelle gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente File Upload. Die Ver\u00e4nderung resultiert in resource consumption. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T14:02:05.607Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328046 | Tomofun Furbo 360 File Upload resource consumption",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328046"
        },
        {
          "name": "VDB-328046 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328046"
        },
        {
          "name": "Submit #661354 | Tomofun Furbo 360 \u2264 FB0035_FW_036 Uncontrolled Resource Consumption",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661354"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:25.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360 File Upload resource consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11635",
    "datePublished": "2025-10-12T14:02:05.607Z",
    "dateReserved": "2025-10-11T18:32:25.348Z",
    "dateUpdated": "2025-10-12T14:02:05.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11634 (GCVE-0-2025-11634)
Vulnerability from cvelistv5
Published
2025-10-12 12:32
Modified
2025-10-12 12:32
CWE
Summary
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in information disclosure. An attack on the physical device is feasible. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328045 (vdb-entry)
https://vuldb.com/?ctiid.328045 (signature, permissions-required)
https://vuldb.com/?submit.661353 (third-party-advisory)
Impacted products


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "UART Interface"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "UART Interface"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in information disclosure. An attack on the physical device is feasible. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Tomofun Furbo 360 and Furbo Mini entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente UART Interface. Die Manipulation f\u00fchrt zu information disclosure. Ein Angriff auf das physische Ger\u00e4t kann durchgef\u00fchrt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.1,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T12:32:04.763Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328045 | Tomofun Furbo 360/Furbo Mini UART information disclosure",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328045"
        },
        {
          "name": "VDB-328045 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328045"
        },
        {
          "name": "Submit #661353 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Insertion of Sensitive Information into Log File",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661353"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:23.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini UART information disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11634",
    "datePublished": "2025-10-12T12:32:04.763Z",
    "dateReserved": "2025-10-11T18:32:22.501Z",
    "dateUpdated": "2025-10-12T12:32:04.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11633 (GCVE-0-2025-11633)
Vulnerability from cvelistv5
Published
2025-10-12 12:02
Modified
2025-10-12 12:02
CWE
  • CWE-295 - Improper Certificate Validation
  • CWE-287 - Improper Authentication
Summary
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328044 (vdb-entry)
https://vuldb.com/?ctiid.328044 (signature, permissions-required)
https://vuldb.com/?submit.661352 (third-party-advisory)
Impacted products


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP Traffic Handler"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "HTTP Traffic Handler"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tomofun Furbo 360 and Furbo Mini gefunden. Es geht dabei um eine nicht klar definierte Funktion der Komponente HTTP Traffic Handler. Durch Beeinflussen mit unbekannten Daten kann eine improper certificate validation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Die Ausnutzung wird als schwierig beschrieben."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T12:02:05.240Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328044 | Tomofun Furbo 360/Furbo Mini HTTP Traffic certificate validation",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328044"
        },
        {
          "name": "VDB-328044 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328044"
        },
        {
          "name": "Submit #661352 | Tomofun Furbo 360, Furbo Mini  Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Improper Certificate Validation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661352"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:21.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini HTTP Traffic certificate validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11633",
    "datePublished": "2025-10-12T12:02:05.240Z",
    "dateReserved": "2025-10-11T18:32:19.461Z",
    "dateUpdated": "2025-10-12T12:02:05.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11638 (GCVE-0-2025-11638)
Vulnerability from cvelistv5
Published
2025-10-12 17:02
Modified
2025-10-12 17:02
CWE
Summary
A flaw has been found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Bluetooth Handler. Executing manipulation can lead to denial of service. The attacker needs to be present on the local network (the CVSS vectors in this record rate the attack vector as adjacent, AV:A). The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328049 (vdb-entry)
https://vuldb.com/?ctiid.328049 (signature, permissions-required)
https://vuldb.com/?submit.661363 (third-party-advisory)
Impacted products


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "Bluetooth Handler"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Bluetooth Handler"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Bluetooth Handler. Executing manipulation can lead to denial of service. The attacker needs to be present on the local network. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Tomofun Furbo 360 and Furbo Mini entdeckt. Betroffen davon ist eine unbekannte Funktion der Komponente Bluetooth Handler. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff muss \u00fcber das lokale Netzwerk initiiert werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T17:02:05.311Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328049 | Tomofun Furbo 360/Furbo Mini Bluetooth denial of service",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328049"
        },
        {
          "name": "VDB-328049 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328049"
        },
        {
          "name": "Submit #661363 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661363"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:30.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini Bluetooth denial of service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11638",
    "datePublished": "2025-10-12T17:02:05.311Z",
    "dateReserved": "2025-10-11T18:32:34.251Z",
    "dateUpdated": "2025-10-12T17:02:05.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11644 (GCVE-0-2025-11644)
Vulnerability from cvelistv5
Published
2025-10-12 20:02
Modified
2025-10-12 20:02
CWE
  • CWE-922 - Insecure Storage of Sensitive Information
  • CWE-200 - Information Disclosure
Summary
A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be exploited. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Impacted products


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "UART Interface"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "UART Interface"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be exploited. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tomofun Furbo 360 and Furbo Mini ist eine Schwachstelle entdeckt worden. Davon betroffen ist unbekannter Code der Komponente UART Interface. Durch das Manipulieren mit unbekannten Daten kann eine insecure storage of sensitive information-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff auf das physische Ger\u00e4t durchzuf\u00fchren. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.2,
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-922",
              "description": "Insecure Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T20:02:05.648Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328055 | Tomofun Furbo 360/Furbo Mini UART sensitive information",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328055"
        },
        {
          "name": "VDB-328055 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328055"
        },
        {
          "name": "Submit #661878 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Insecure Storage of Sensitive Information",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661878"
        },
        {
          "name": "Submit #661879 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Insecure Storage of Sensitive Information (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661879"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXXX.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXX.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini UART sensitive information"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11644",
    "datePublished": "2025-10-12T20:02:05.648Z",
    "dateReserved": "2025-10-11T18:32:56.286Z",
    "dateUpdated": "2025-10-12T20:02:05.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11641 (GCVE-0-2025-11641)
Vulnerability from cvelistv5
Published
2025-10-12 18:32
Modified
2025-10-12 18:32
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Summary
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. It affects an unknown function of the component Trial Restriction Handler, and manipulating that function results in improper access controls. The attack can be performed on the physical device. The attack is considered to have high complexity, and exploitation is said to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074; the record's structured "affected" entries give the version only as "n/a", so these bounds appear in the description text alone. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.328052 (vdb-entry)
https://vuldb.com/?ctiid.328052 (signature, permissions-required)
https://vuldb.com/?submit.661379 (third-party-advisory)
Impacted products


{
  "containers": {
    "cna": {
      "affected": [
        {
          "modules": [
            "Trial Restriction Handler"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Trial Restriction Handler"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The attack is considered to have high complexity. The exploitability is said to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tomofun Furbo 360 and Furbo Mini gefunden. Dies betrifft einen unbekannten Teil der Komponente Trial Restriction Handler. Durch Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff auf das physische Ger\u00e4t ist m\u00f6glich. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Die Ausnutzbarkeit gilt als schwierig."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.7,
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-12T18:32:05.050Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328052 | Tomofun Furbo 360/Furbo Mini Trial Restriction access control",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.328052"
        },
        {
          "name": "VDB-328052 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328052"
        },
        {
          "name": "Submit #661379 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Application Logic Bypass",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661379"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-11T20:38:43.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini Trial Restriction access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11641",
    "datePublished": "2025-10-12T18:32:05.050Z",
    "dateReserved": "2025-10-11T18:32:47.228Z",
    "dateUpdated": "2025-10-12T18:32:05.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}