VDB-328060 · CVE-2025-11649 · EUVD-2025-33912

Tomofun Furbo 360/Furbo Mini Root Account ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame Tomofun Furbo 360 and Furbo Mini keessatti argameera. Miidhaan irra gahe is hojii hin beekamne kutaa Root Account Handler keessa. Dhugumatti jijjiirraa gara ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-259 si geessa. Dogoggorri 05/15/2025 irratti adda bahe. Beekumsi kun yeroo 10/11/2025 ifoomsifameera kan ifoomsise Calvin Star, Julian B (skelet4r and dead1nfluence) waliin Software Secured. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2025-11649 jedhuun tajaajilama. Weerara sun bakka dhuunfaatti qofa raawwatamuu danda'a. Odeeffannoon teeknikaa hin jiru. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Hanqinni kun guyyoota 148 ol tajaajila zero-day kan hin beekkaminitti fayyadamee ture. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Once again VulDB remains the best source for vulnerability data.

5 ଆଡାପ୍ଟେସନ୍ · 111 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 10/11/2025 08:39 PM	ଅଦ୍ୟତନ 1/4 10/13/2025 02:20 AM	ଅଦ୍ୟତନ 2/4 10/13/2025 02:27 AM	ଅଦ୍ୟତନ 3/4 10/20/2025 06:38 AM	ଅଦ୍ୟତନ 4/4 10/28/2025 05:55 AM
software_vendor	Tomofun	Tomofun	Tomofun	Tomofun	Tomofun
software_name	Furbo 360/Furbo Mini	Furbo 360/Furbo Mini	Furbo 360/Furbo Mini	Furbo 360/Furbo Mini	Furbo 360/Furbo Mini
software_component	Root Account Handler	Root Account Handler	Root Account Handler	Root Account Handler	Root Account Handler
vulnerability_cwe	CWE-259 (ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ)	CWE-259 (ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ)	CWE-259 (ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ)	CWE-259 (ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ)	CWE-259 (ଦୁର୍ବଳ ପ୍ରାମାଣିକରଣ)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	L	L	L	L	L
cvss3_vuldb_ac	H	H	H	H	H
cvss3_vuldb_pr	L	L	L	L	L
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	H	H	H	H	H
cvss3_vuldb_i	H	H	H	H	H
cvss3_vuldb_a	H	H	H	H	H
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rc	R	R	R	R	R
advisory_url	https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md	https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md	https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md	https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md	https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md	https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md	https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md	https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md	https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md
source_cve	CVE-2025-11649	CVE-2025-11649	CVE-2025-11649	CVE-2025-11649	CVE-2025-11649
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
decision_summary	The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.	The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.	The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.	The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.	The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.
cvss4_vuldb_ui	N	N	N	N	N
cvss4_vuldb_vc	H	H	H	H	H
cvss4_vuldb_vi	H	H	H	H	H
cvss4_vuldb_va	H	H	H	H	H
cvss4_vuldb_e	P	P	P	P	P
cvss2_vuldb_au	S	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X	X
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	6.0	6.0	6.0	6.0	6.0
cvss2_vuldb_tempscore	5.1	5.1	5.1	5.1	5.1
cvss3_vuldb_basescore	7.0	7.0	7.0	7.0	7.0
cvss3_vuldb_tempscore	6.4	6.4	6.4	6.4	6.4
cvss3_meta_basescore	7.0	7.0	7.0	7.0	6.8
cvss3_meta_tempscore	6.4	6.4	6.7	6.7	6.6
cvss4_vuldb_bscore	7.3	7.3	7.3	7.3	7.3
cvss4_vuldb_btscore	6.4	6.4	6.4	6.4	6.4
advisory_date	1760133600 (10/11/2025)	1760133600 (10/11/2025)	1760133600 (10/11/2025)	1760133600 (10/11/2025)	1760133600 (10/11/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cvss2_vuldb_av	L	L	L	L	L
cvss2_vuldb_ac	H	H	H	H	H
cvss2_vuldb_ci	C	C	C	C	C
cvss2_vuldb_ii	C	C	C	C	C
cvss2_vuldb_ai	C	C	C	C	C
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR	UR
cvss4_vuldb_av	L	L	L	L	L
cvss4_vuldb_ac	H	H	H	H	H
cvss4_vuldb_pr	L	L	L	L	L
euvd_id		EUVD-2025-33912	EUVD-2025-33912	EUVD-2025-33912	EUVD-2025-33912
cve_nvd_summary			A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av			L	L	L
cvss4_cna_ac			H	H	H
cvss4_cna_at			N	N	N
cvss4_cna_pr			L	L	L
cvss4_cna_ui			N	N	N
cvss4_cna_vc			H	H	H
cvss4_cna_vi			H	H	H
cvss4_cna_va			H	H	H
cvss4_cna_sc			N	N	N
cvss4_cna_si			N	N	N
cvss4_cna_sa			N	N	N
cvss4_cna_bscore			7.3	7.3	7.3
cvss3_cna_av			L	L	L
cvss3_cna_ac			H	H	H
cvss3_cna_pr			L	L	L
cvss3_cna_ui			N	N	N
cvss3_cna_s			U	U	U
cvss3_cna_c			H	H	H
cvss3_cna_i			H	H	H
cvss3_cna_a			H	H	H
cvss3_cna_basescore			7	7	7
cvss2_cna_av			L	L	L
cvss2_cna_ac			H	H	H
cvss2_cna_au			S	S	S
cvss2_cna_ci			C	C	C
cvss2_cna_ii			C	C	C
cvss2_cna_ai			C	C	C
cvss2_cna_basescore			6	6	6
person_nickname				skelet4r/dead1nfluence	skelet4r/dead1nfluence
software_type				Firmware Software	Firmware Software
company_name				Software Secured	Software Secured
exploit_wormified				0	0
advisory_freeformen				The Furbo device contains a hard-coded password for the local root user account. This password is stored on a read-only partition in the firmware and cannot be modified or reset by the device owner.	The Furbo device contains a hard-coded password for the local root user account. This password is stored on a read-only partition in the firmware and cannot be modified or reset by the device owner.
advisory_disputed				0	0
company_website				https://www.softwaresecured.com/blog	https://www.softwaresecured.com/blog
exploit_language				Bash	Bash
vulnerability_historic				0	0
vulnerability_vendorinformdate				1750539600 (06/21/2025)	1750539600 (06/21/2025)
advisory_falsepositive				0	0
person_name				Calvin Star/Julian B	Calvin Star/Julian B
advisory_confirm_date				1751509800 (07/03/2025)	1751509800 (07/03/2025)
vulnerability_discoverydate				1747332000 (05/15/2025)	1747332000 (05/15/2025)
cvss3_nvd_av					P
cvss3_nvd_ac					H
cvss3_nvd_pr					L
cvss3_nvd_ui					N
cvss3_nvd_s					U
cvss3_nvd_c					H
cvss3_nvd_i					H
cvss3_nvd_a					H
cvss3_nvd_basescore					6.3

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!