Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-11645— Tomofun Furbo Mobile App Authentication Token sensitive information

CVSS 2.4 · Low EPSS 0.02% · P6
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-11645

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Tomofun Furbo Mobile App Authentication Token sensitive information
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感信息的不安全存储
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tomofun Furbo Mobile App 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tomofun Furbo Mobile App是中国台湾Tomofun公司的一款用于宠物摄像头的手机应用。 Tomofun Furbo Mobile App 7.57.0a及之前版本存在安全漏洞,该漏洞源于组件Authentication Token Handler不安全存储敏感信息,可能导致信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
TomofunFurbo Mobile App 7.57.0a -

II. Public POCs for CVE-2025-11645

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-11645

登录查看更多情报信息。

Same Patch Batch · Tomofun · 2025-10-12 · 18 CVEs total

CVE-2025-116497.0 HIGHTomofun Furbo 360/Furbo Mini Root Account hard-coded password
CVE-2025-116466.3 MEDIUMTomofun Furbo 360/Furbo Mini GATT Service access control
CVE-2025-116365.6 MEDIUMTomofun Furbo 360 Account server-side request forgery
CVE-2025-116485.6 MEDIUMTomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery
CVE-2025-116354.3 MEDIUMTomofun Furbo 360 File Upload resource consumption
CVE-2025-116374.3 MEDIUMTomofun Furbo 360 Audio race condition
CVE-2025-116384.3 MEDIUMTomofun Furbo 360/Furbo Mini Bluetooth denial of service
CVE-2025-116424.0 MEDIUMTomofun Furbo 360/Furbo Mini Registration denial of service
CVE-2025-116413.9 LOWTomofun Furbo 360/Furbo Mini Trial Restriction access control
CVE-2025-116333.7 LOWTomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate va
CVE-2025-116433.7 LOWTomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials
CVE-2025-116393.3 LOWTomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information
CVE-2025-116473.1 LOWTomofun Furbo 360/Furbo Mini GATT Service information disclosure
CVE-2025-116403.1 LOWTomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission
CVE-2025-116342.4 LOWTomofun Furbo 360/Furbo Mini UART information disclosure
CVE-2025-116442.0 LOWTomofun Furbo 360/Furbo Mini UART sensitive information
CVE-2025-116501.8 LOWTomofun Furbo 360/Furbo Mini Password shadow weak hash

IV. Related Vulnerabilities

Same vendor: Tomofun
Same weakness: CWE-922

V. Comments for CVE-2025-11645

No comments yet

Leave a comment