Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-11635— Tomofun Furbo 360 File Upload resource consumption

CVSS 4.3 · Medium EPSS 0.04% · P11
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-11635

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Tomofun Furbo 360 File Upload resource consumption
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tomofun Furbo 360 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tomofun Furbo 360是中国台湾Tomofun公司的一款智能宠物摄像机。 Tomofun Furbo 360 FB0035_FW_036及之前版本存在安全漏洞,该漏洞源于文件上传组件存在资源消耗问题,可能导致远程攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
TomofunFurbo 360 FB0035_FW_036 -

II. Public POCs for CVE-2025-11635

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-11635

登录查看更多情报信息。

Same Patch Batch · Tomofun · 2025-10-12 · 18 CVEs total

CVE-2025-116497.0 HIGHTomofun Furbo 360/Furbo Mini Root Account hard-coded password
CVE-2025-116466.3 MEDIUMTomofun Furbo 360/Furbo Mini GATT Service access control
CVE-2025-116365.6 MEDIUMTomofun Furbo 360 Account server-side request forgery
CVE-2025-116485.6 MEDIUMTomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery
CVE-2025-116374.3 MEDIUMTomofun Furbo 360 Audio race condition
CVE-2025-116384.3 MEDIUMTomofun Furbo 360/Furbo Mini Bluetooth denial of service
CVE-2025-116424.0 MEDIUMTomofun Furbo 360/Furbo Mini Registration denial of service
CVE-2025-116413.9 LOWTomofun Furbo 360/Furbo Mini Trial Restriction access control
CVE-2025-116333.7 LOWTomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate va
CVE-2025-116433.7 LOWTomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials
CVE-2025-116393.3 LOWTomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information
CVE-2025-116473.1 LOWTomofun Furbo 360/Furbo Mini GATT Service information disclosure
CVE-2025-116403.1 LOWTomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission
CVE-2025-116342.4 LOWTomofun Furbo 360/Furbo Mini UART information disclosure
CVE-2025-116452.4 LOWTomofun Furbo Mobile App Authentication Token sensitive information
CVE-2025-116442.0 LOWTomofun Furbo 360/Furbo Mini UART sensitive information
CVE-2025-116501.8 LOWTomofun Furbo 360/Furbo Mini Password shadow weak hash

IV. Related Vulnerabilities

Same product: Furbo 360
Same vendor: Tomofun
Same weakness: CWE-400

V. Comments for CVE-2025-11635

No comments yet

Leave a comment