Tomofun Furbo 360/Furbo Mini UART Interface information disclosure

A vulnerability classified as problematic has been found in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component UART Interface. The manipulation leads to information disclosure. Using CWE to declare the problem leads to CWE-922. The issue was discovered on 05/15/2025. The advisory was published on 10/11/2025 by Calvin Star, Julian B (skelet4r and dead1nfluence) with Software Secured. The advisory is available for download at github.com. This vulnerability is known as CVE-2025-11644. The attack can be carried out against the physical device. There are no technical details. In addition, an exploit is available. The price for an exploit might be approx. USD $0-$5k at the moment. It is declared as proof-of-concept. The exploit can be downloaded from github.com. The vulnerability was handled as a non-public zero-day exploit for at least 148 days. As a 0-day, the estimated underground price was around $0-$5k.

5 adaptations · 112 points

| Field | Created 10/11/2025 08:38 PM | Update 1/4 10/12/2025 11:07 PM | Update 2/4 10/12/2025 11:14 PM | Update 3/4 10/18/2025 09:14 AM | Update 4/4 10/29/2025 09:36 PM |
|---|---|---|---|---|---|
| software_vendor | Tomofun | Tomofun | Tomofun | Tomofun | Tomofun |
| software_name | Furbo 360/Furbo Mini | Furbo 360/Furbo Mini | Furbo 360/Furbo Mini | Furbo 360/Furbo Mini | Furbo 360/Furbo Mini |
| software_component | UART Interface | UART Interface | UART Interface | UART Interface | UART Interface |
| vulnerability_cwe | CWE-922 (information disclosure) | CWE-922 (information disclosure) | CWE-922 (information disclosure) | CWE-922 (information disclosure) | CWE-922 (information disclosure) |
| vulnerability_risk | 1 | 1 | 1 | 1 | 1 |
| cvss3_vuldb_av | P | P | P | P | P |
| cvss3_vuldb_ac | H | H | H | H | H |
| cvss3_vuldb_pr | N | N | N | N | N |
| cvss3_vuldb_ui | N | N | N | N | N |
| cvss3_vuldb_s | U | U | U | U | U |
| cvss3_vuldb_c | L | L | L | L | L |
| cvss3_vuldb_i | N | N | N | N | N |
| cvss3_vuldb_a | N | N | N | N | N |
| cvss3_vuldb_e | P | P | P | P | P |
| cvss3_vuldb_rc | R | R | R | R | R |
| advisory_url | https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXXX.md | https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXXX.md | https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXXX.md | https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXXX.md | https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXXX.md |
| exploit_availability | 1 | 1 | 1 | 1 | 1 |
| exploit_publicity | 1 | 1 | 1 | 0 | 0 |
| exploit_url | https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXX.md | https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXX.md | https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXX.md | https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXX.md | https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXX.md |
| source_cve | CVE-2025-11644 | CVE-2025-11644 | CVE-2025-11644 | CVE-2025-11644 | CVE-2025-11644 |
| cna_responsible | VulDB | VulDB | VulDB | VulDB | VulDB |
| response_summary | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. |
| decision_summary | The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. | The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. | The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. | The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. | The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. |
| cvss2_vuldb_av | L | L | L | L | L |
| cvss2_vuldb_ac | H | H | H | H | H |
| cvss2_vuldb_au | N | N | N | N | N |
| cvss2_vuldb_ci | P | P | P | P | P |
| cvss2_vuldb_ii | N | N | N | N | N |
| cvss2_vuldb_ai | N | N | N | N | N |
| cvss2_vuldb_e | POC | POC | POC | POC | POC |
| cvss2_vuldb_rc | UR | UR | UR | UR | UR |
| cvss4_vuldb_av | P | P | P | P | P |
| cvss4_vuldb_ac | H | H | H | H | H |
| cvss4_vuldb_pr | N | N | N | N | N |
| cvss4_vuldb_ui | N | N | N | N | N |
| cvss4_vuldb_vc | L | L | L | L | L |
| cvss4_vuldb_vi | N | N | N | N | N |
| cvss4_vuldb_va | N | N | N | N | N |
| cvss4_vuldb_e | P | P | P | P | P |
| cvss2_vuldb_rl | ND | ND | ND | ND | ND |
| cvss3_vuldb_rl | X | X | X | X | X |
| cvss4_vuldb_at | N | N | N | N | N |
| cvss4_vuldb_sc | N | N | N | N | N |
| cvss4_vuldb_si | N | N | N | N | N |
| cvss4_vuldb_sa | N | N | N | N | N |
| cvss2_vuldb_basescore | 1.2 | 1.2 | 1.2 | 1.2 | 1.2 |
| cvss2_vuldb_tempscore | 1.0 | 1.0 | 1.0 | 1.0 | 1.0 |
| cvss3_vuldb_basescore | 2.0 | 2.0 | 2.0 | 2.0 | 2.0 |
| cvss3_vuldb_tempscore | 1.9 | 1.9 | 1.9 | 1.9 | 1.9 |
| cvss3_meta_basescore | 2.0 | 2.0 | 2.0 | 2.0 | 2.7 |
| cvss3_meta_tempscore | 1.9 | 1.9 | 1.9 | 1.9 | 2.7 |
| cvss4_vuldb_bscore | 1.0 | 1.0 | 1.0 | 1.0 | 1.0 |
| cvss4_vuldb_btscore | 0.3 | 0.3 | 0.3 | 0.3 | 0.3 |
| advisory_date | 1760133600 (10/11/2025) | 1760133600 (10/11/2025) | 1760133600 (10/11/2025) | 1760133600 (10/11/2025) | 1760133600 (10/11/2025) |
| price_0day | $0-$5k | $0-$5k | $0-$5k | $0-$5k | $0-$5k |
| euvd_id | | EUVD-2025-33909 | EUVD-2025-33909 | EUVD-2025-33909 | EUVD-2025-33909 |
| cve_nvd_summary | | | A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be exploited. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be exploited. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack is characterized by high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. |
| cvss4_cna_av | | | P | P | P |
| cvss4_cna_ac | | | H | H | H |
| cvss4_cna_at | | | N | N | N |
| cvss4_cna_pr | | | N | N | N |
| cvss4_cna_ui | | | N | N | N |
| cvss4_cna_vc | | | L | L | L |
| cvss4_cna_vi | | | N | N | N |
| cvss4_cna_va | | | N | N | N |
| cvss4_cna_sc | | | N | N | N |
| cvss4_cna_si | | | N | N | N |
| cvss4_cna_sa | | | N | N | N |
| cvss4_cna_bscore | | | 1 | 1 | 1 |
| cvss3_cna_av | | | P | P | P |
| cvss3_cna_ac | | | H | H | H |
| cvss3_cna_pr | | | N | N | N |
| cvss3_cna_ui | | | N | N | N |
| cvss3_cna_s | | | U | U | U |
| cvss3_cna_c | | | L | L | L |
| cvss3_cna_i | | | N | N | N |
| cvss3_cna_a | | | N | N | N |
| cvss3_cna_basescore | | | 2 | 2 | 2 |
| cvss2_cna_av | | | L | L | L |
| cvss2_cna_ac | | | H | H | H |
| cvss2_cna_au | | | N | N | N |
| cvss2_cna_ci | | | P | P | P |
| cvss2_cna_ii | | | N | N | N |
| cvss2_cna_ai | | | N | N | N |
| cvss2_cna_basescore | | | 1.2 | 1.2 | 1.2 |
| advisory_disputed | | | | 0 | 0 |
| exploit_wormified | | | | 0 | 0 |
| exploit_freeformen | | | | Replication Steps: 1. Disassemble the Furbo device. 2. Connect to the 4-pin UART port. 3. On your host device run: sudo screen /dev/ttyUSB0 115200 4. Start the Furbo device 5. Observe as sensitive device details are all printed over UART. | Replication Steps: 1. Disassemble the Furbo device. 2. Connect to the 4-pin UART port. 3. On your host device run: sudo screen /dev/ttyUSB0 115200 4. Start the Furbo device 5. Observe as sensitive device details are all printed over UART. |
| company_website | | | | https://www.softwaresecured.com/blog | https://www.softwaresecured.com/blog |
| company_name | | | | Software Secured | Software Secured |
| software_type | | | | Firmware Software | Firmware Software |
| advisory_falsepositive | | | | 0 | 0 |
| vulnerability_vendorinformdate | | | | 1750539600 (06/21/2025) | 1750539600 (06/21/2025) |
| advisory_confirm_date | | | | 1751509800 (07/03/2025) | 1751509800 (07/03/2025) |
| person_nickname | | | | skelet4r/dead1nfluence | skelet4r/dead1nfluence |
| person_name | | | | Calvin Star/Julian B | Calvin Star/Julian B |
| vulnerability_historic | | | | 0 | 0 |
| vulnerability_discoverydate | | | | 1747332000 (05/15/2025) | 1747332000 (05/15/2025) |
| advisory_freeformen | | | | An attacker who is connected to the UART interface of the Furbo Mini can observe sensitive information being transmitted across the interface without requiring to authenticate with the device. Sensitive details include but aren't limited to: Firmware Decryption Key, DeviceToken, DeviceID, AccountID, P2P UUID and P2P Auth Details. These sensitive details can be used to perform various attacks against the victim device and account. | An attacker who is connected to the UART interface of the Furbo Mini can observe sensitive information being transmitted across the interface without requiring to authenticate with the device. Sensitive details include but aren't limited to: Firmware Decryption Key, DeviceToken, DeviceID, AccountID, P2P UUID and P2P Auth Details. These sensitive details can be used to perform various attacks against the victim device and account. |
| cvss3_nvd_av | | | | | P |
| cvss3_nvd_ac | | | | | H |
| cvss3_nvd_pr | | | | | N |
| cvss3_nvd_ui | | | | | N |
| cvss3_nvd_s | | | | | U |
| cvss3_nvd_c | | | | | H |
| cvss3_nvd_i | | | | | N |
| cvss3_nvd_a | | | | | N |
| cvss3_nvd_basescore | | | | | 4.2 |
