VDB-328054 · CVE-2025-11643 · EUVD-2025-33906

Tomofun Furbo 360/Furbo Mini MQTT Client Certificate /squashfs-root/furbo_img ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ

Dogoggorri kan akka ସମସ୍ୟାଜନକ jedhamuun ramadame Tomofun Furbo 360 and Furbo Mini keessatti argameera. Miidhaan irra gahe is hojii hin beekamne faayilii /squashfs-root/furbo_img keessa kutaa MQTT Client Certificate keessa. Dhugumatti jijjiirraa gara ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-798 si geessa. Dogoggorri 05/15/2025 irratti adda bahe. Beekumsi kun yeroo 10/11/2025 ifoomsifameera kan ifoomsise Calvin Star, Julian B (skelet4r and dead1nfluence) waliin Software Secured. Dogoggorri kun maqaa CVE-2025-11643 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Hanqinni kun guyyoota 148 ol tajaajila zero-day kan hin beekkaminitti fayyadamee ture. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Once again VulDB remains the best source for vulnerability data.

6 ଆଡାପ୍ଟେସନ୍ · 117 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ଅଦ୍ୟତନ 1/5 10/12/2025 10:51 PM	ଅଦ୍ୟତନ 2/5 10/12/2025 11:14 PM	ଅଦ୍ୟତନ 3/5 10/18/2025 09:14 AM	ଅଦ୍ୟତନ 4/5 10/18/2025 09:17 AM	ଅଦ୍ୟତନ 5/5 10/29/2025 09:36 PM
software_vendor	Tomofun	Tomofun	Tomofun	Tomofun	Tomofun
software_name	Furbo 360/Furbo Mini	Furbo 360/Furbo Mini	Furbo 360/Furbo Mini	Furbo 360/Furbo Mini	Furbo 360/Furbo Mini
software_component	MQTT Client Certificate	MQTT Client Certificate	MQTT Client Certificate	MQTT Client Certificate	MQTT Client Certificate
software_file	/squashfs-root/furbo_img	/squashfs-root/furbo_img	/squashfs-root/furbo_img	/squashfs-root/furbo_img	/squashfs-root/furbo_img
vulnerability_cwe	CWE-798 (ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ)	CWE-798 (ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ)	CWE-798 (ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ)	CWE-798 (ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ)	CWE-798 (ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ)
vulnerability_risk	1	1	1	1	1
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	H	H	H	H	H
cvss3_vuldb_pr	N	N	N	N	N
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	N	N	N	N	N
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	N	N	N	N	N
source_cve	CVE-2025-11643	CVE-2025-11643	CVE-2025-11643	CVE-2025-11643	CVE-2025-11643
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
decision_summary	The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.	The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.	The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.	The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.	The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	H	H	H	H	H
cvss2_vuldb_au	N	N	N	N	N
cvss2_vuldb_ci	N	N	N	N	N
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	N	N	N	N	N
cvss4_vuldb_av	N	N	N	N	N
cvss4_vuldb_ac	H	H	H	H	H
cvss4_vuldb_pr	N	N	N	N	N
cvss4_vuldb_ui	N	N	N	N	N
cvss4_vuldb_vc	N	N	N	N	N
cvss4_vuldb_vi	L	L	L	L	L
cvss4_vuldb_va	N	N	N	N	N
cvss2_vuldb_e	ND	ND	ND	POC	POC
cvss2_vuldb_rl	ND	ND	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND	ND	ND
cvss3_vuldb_e	X	X	X	P	P
cvss3_vuldb_rl	X	X	X	X	X
cvss3_vuldb_rc	X	X	X	X	X
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss4_vuldb_e	X	X	X	X	X
cvss2_vuldb_basescore	2.6	2.6	2.6	2.6	2.6
cvss2_vuldb_tempscore	2.6	2.6	2.6	2.6	2.3
cvss3_vuldb_basescore	3.7	3.7	3.7	3.7	3.7
cvss3_vuldb_tempscore	3.7	3.7	3.7	3.5	3.5
cvss3_meta_basescore	3.7	3.7	3.7	3.7	5.2
cvss3_meta_tempscore	3.7	3.7	3.7	3.6	5.1
cvss4_vuldb_bscore	6.3	6.3	6.3	6.3	6.3
cvss4_vuldb_btscore	6.3	6.3	6.3	2.9	2.9
advisory_date	1760133600 (10/11/2025)	1760133600 (10/11/2025)	1760133600 (10/11/2025)	1760133600 (10/11/2025)	1760133600 (10/11/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
euvd_id	EUVD-2025-33906	EUVD-2025-33906	EUVD-2025-33906	EUVD-2025-33906	EUVD-2025-33906
cve_nvd_summary		A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.	A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.	A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.	A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av		N	N	N	N
cvss4_cna_ac		H	H	H	H
cvss4_cna_at		N	N	N	N
cvss4_cna_pr		N	N	N	N
cvss4_cna_ui		N	N	N	N
cvss4_cna_vc		N	N	N	N
cvss4_cna_vi		L	L	L	L
cvss4_cna_va		N	N	N	N
cvss4_cna_sc		N	N	N	N
cvss4_cna_si		N	N	N	N
cvss4_cna_sa		N	N	N	N
cvss4_cna_bscore		6.3	6.3	6.3	6.3
cvss3_cna_av		N	N	N	N
cvss3_cna_ac		H	H	H	H
cvss3_cna_pr		N	N	N	N
cvss3_cna_ui		N	N	N	N
cvss3_cna_s		U	U	U	U
cvss3_cna_c		N	N	N	N
cvss3_cna_i		L	L	L	L
cvss3_cna_a		N	N	N	N
cvss3_cna_basescore		3.7	3.7	3.7	3.7
cvss2_cna_av		N	N	N	N
cvss2_cna_ac		H	H	H	H
cvss2_cna_au		N	N	N	N
cvss2_cna_ci		N	N	N	N
cvss2_cna_ii		P	P	P	P
cvss2_cna_ai		N	N	N	N
cvss2_cna_basescore		2.6	2.6	2.6	2.6
company_website			https://www.softwaresecured.com/blog	https://www.softwaresecured.com/blog	https://www.softwaresecured.com/blog
advisory_confirm_date			1751509800 (07/03/2025)	1751509800 (07/03/2025)	1751509800 (07/03/2025)
advisory_disputed			0	0	0
exploit_availability			1	1	1
exploit_publicity			0	0	0
advisory_freeformen			An attacker who retrieves and decrypts the Furbo firmware can impersonate any device and connect to Furbo's MQTT infrastructure as a client. As a result, the device IDs of all users can be retrieved, and an attacker can identify what is being performed with a device at a specific point in time.	An attacker who retrieves and decrypts the Furbo firmware can impersonate any device and connect to Furbo's MQTT infrastructure as a client. As a result, the device IDs of all users can be retrieved, and an attacker can identify what is being performed with a device at a specific point in time.	An attacker who retrieves and decrypts the Furbo firmware can impersonate any device and connect to Furbo's MQTT infrastructure as a client. As a result, the device IDs of all users can be retrieved, and an attacker can identify what is being performed with a device at a specific point in time.
developer_nickname			dead1nfluence	dead1nfluence	dead1nfluence
vulnerability_historic			0	0	0
person_name			Calvin Star/Julian B	Calvin Star/Julian B	Calvin Star/Julian B
developer_name			Julian B	Julian B	Julian B
company_name			Software Secured	Software Secured	Software Secured
exploit_freeformen			Replication Steps: 1. Retrieve the Furbo firmware, and decrypt it. 2. Decompress the firmware with binwalk. 3. Navigate to: /squashfs-root/furbo_img 4. Decompress the squash file. 5. Find the certificates located in: /_furbo_service-<SVC VERSION>.sqsh.extracted/squashfs-root/config/ 6. Utilize a tool like mosquitto_sub in order to connect to the MQTT service using the certificates 7. Observe that you are subscribed to the endpoint as a "Furbo device" and can observe actions from every other Furbo	Replication Steps: 1. Retrieve the Furbo firmware, and decrypt it. 2. Decompress the firmware with binwalk. 3. Navigate to: /squashfs-root/furbo_img 4. Decompress the squash file. 5. Find the certificates located in: /_furbo_service-<SVC VERSION>.sqsh.extracted/squashfs-root/config/ 6. Utilize a tool like mosquitto_sub in order to connect to the MQTT service using the certificates 7. Observe that you are subscribed to the endpoint as a "Furbo device" and can observe actions from every other Furbo	Replication Steps: 1. Retrieve the Furbo firmware, and decrypt it. 2. Decompress the firmware with binwalk. 3. Navigate to: /squashfs-root/furbo_img 4. Decompress the squash file. 5. Find the certificates located in: /_furbo_service-<SVC VERSION>.sqsh.extracted/squashfs-root/config/ 6. Utilize a tool like mosquitto_sub in order to connect to the MQTT service using the certificates 7. Observe that you are subscribed to the endpoint as a "Furbo device" and can observe actions from every other Furbo
vulnerability_discoverydate			1747332000 (05/15/2025)	1747332000 (05/15/2025)	1747332000 (05/15/2025)
exploit_wormified			0	0	0
software_type			Firmware Software	Firmware Software	Firmware Software
vulnerability_vendorinformdate			1750539600 (06/21/2025)	1750539600 (06/21/2025)	1750539600 (06/21/2025)
person_nickname			skelet4r/dead1nfluence	skelet4r/dead1nfluence	skelet4r/dead1nfluence
advisory_falsepositive			0	0	0
cvss3_nvd_av					N
cvss3_nvd_ac					H
cvss3_nvd_pr					N
cvss3_nvd_ui					N
cvss3_nvd_s					U
cvss3_nvd_c					H
cvss3_nvd_i					H
cvss3_nvd_a					H
cvss3_nvd_basescore					8.1

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you know our Splunk app?

Download it now for free!