Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-11642— Tomofun Furbo 360/Furbo Mini Registration denial of service

CVSS 4.0 · Medium EPSS 0.02% · P5
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-11642

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Tomofun Furbo 360/Furbo Mini Registration denial of service
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The exploitability is told to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不恰当的资源关闭或释放
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tomofun Furbo 360和Tomofun Furbo Mini 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tomofun Furbo 360和Tomofun Furbo Mini都是中国台湾Tomofun公司的一款智能宠物摄像机。 Tomofun Furbo 360和Tomofun Furbo Mini存在安全漏洞,该漏洞源于组件Registration Handler存在未知功能错误操作,可能导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
TomofunFurbo 360 n/a -
TomofunFurbo Mini n/a -

II. Public POCs for CVE-2025-11642

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-11642

登录查看更多情报信息。

Same Patch Batch · Tomofun · 2025-10-12 · 18 CVEs total

CVE-2025-116497.0 HIGHTomofun Furbo 360/Furbo Mini Root Account hard-coded password
CVE-2025-116466.3 MEDIUMTomofun Furbo 360/Furbo Mini GATT Service access control
CVE-2025-116365.6 MEDIUMTomofun Furbo 360 Account server-side request forgery
CVE-2025-116485.6 MEDIUMTomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery
CVE-2025-116354.3 MEDIUMTomofun Furbo 360 File Upload resource consumption
CVE-2025-116374.3 MEDIUMTomofun Furbo 360 Audio race condition
CVE-2025-116384.3 MEDIUMTomofun Furbo 360/Furbo Mini Bluetooth denial of service
CVE-2025-116413.9 LOWTomofun Furbo 360/Furbo Mini Trial Restriction access control
CVE-2025-116333.7 LOWTomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate va
CVE-2025-116433.7 LOWTomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials
CVE-2025-116393.3 LOWTomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information
CVE-2025-116473.1 LOWTomofun Furbo 360/Furbo Mini GATT Service information disclosure
CVE-2025-116403.1 LOWTomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission
CVE-2025-116342.4 LOWTomofun Furbo 360/Furbo Mini UART information disclosure
CVE-2025-116452.4 LOWTomofun Furbo Mobile App Authentication Token sensitive information
CVE-2025-116442.0 LOWTomofun Furbo 360/Furbo Mini UART sensitive information
CVE-2025-116501.8 LOWTomofun Furbo 360/Furbo Mini Password shadow weak hash

IV. Related Vulnerabilities

Same product: Furbo 360
Same vendor: Tomofun
Same weakness: CWE-404

V. Comments for CVE-2025-11642

No comments yet

Leave a comment