
Tomofun — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting Tomofun. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Tomofun develops interactive pet cameras and toys that enable remote monitoring and engagement with pets through mobile applications. Historically, their products have been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure authentication mechanisms. The company has faced scrutiny for security flaws in its cloud infrastructure and mobile apps, with 18 CVEs documented to date, exposing users to potential unauthorized access and device hijacking. These vulnerabilities have allowed attackers to compromise user accounts, view live feeds, and gain control of connected devices, highlighting significant privacy and security risks in their IoT ecosystem.

Top products by Tomofun: Furbo 360, Furbo Mobile App

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-11650 | Tomofun Furbo 360/Furbo Mini Password shadow weak hash | Furbo 360 | CWE-328 | 1.8 | Low | 2025-10-12 |
| CVE-2025-11649 | Tomofun Furbo 360/Furbo Mini Root Account hard-coded password | Furbo 360 | CWE-259 | 7.0 | High | 2025-10-12 |
| CVE-2025-11648 | Tomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery | Furbo 360 | CWE-918 | 5.6 | Medium | 2025-10-12 |
| CVE-2025-11647 | Tomofun Furbo 360/Furbo Mini GATT Service information disclosure | Furbo 360 | CWE-200 | 3.1 | Low | 2025-10-12 |
| CVE-2025-11646 | Tomofun Furbo 360/Furbo Mini GATT Service access control | Furbo 360 | CWE-284 | 6.3 | Medium | 2025-10-12 |
| CVE-2025-11645 | Tomofun Furbo Mobile App Authentication Token sensitive information | Furbo Mobile App | CWE-922 | 2.4 | Low | 2025-10-12 |
| CVE-2025-11644 | Tomofun Furbo 360/Furbo Mini UART sensitive information | Furbo 360 | CWE-922 | 2.0 | Low | 2025-10-12 |
| CVE-2025-11643 | Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials | Furbo 360 | CWE-798 | 3.7 | Low | 2025-10-12 |
| CVE-2025-11642 | Tomofun Furbo 360/Furbo Mini Registration denial of service | Furbo 360 | CWE-404 | 4.0 | Medium | 2025-10-12 |
| CVE-2025-11641 | Tomofun Furbo 360/Furbo Mini Trial Restriction access control | Furbo 360 | CWE-284 | 3.9 | Low | 2025-10-12 |
| CVE-2025-11640 | Tomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission | Furbo 360 | CWE-319 | 3.1 | Low | 2025-10-12 |
| CVE-2025-11639 | Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information | Furbo 360 | CWE-922 | 3.3 | Low | 2025-10-12 |
| CVE-2025-11638 | Tomofun Furbo 360/Furbo Mini Bluetooth denial of service | Furbo 360 | CWE-404 | 4.3 | Medium | 2025-10-12 |
| CVE-2025-11637 | Tomofun Furbo 360 Audio race condition | Furbo 360 | CWE-362 | 4.3 | Medium | 2025-10-12 |
| CVE-2025-11636 | Tomofun Furbo 360 Account server-side request forgery | Furbo 360 | CWE-918 | 5.6 | Medium | 2025-10-12 |
| CVE-2025-11635 | Tomofun Furbo 360 File Upload resource consumption | Furbo 360 | CWE-400 | 4.3 | Medium | 2025-10-12 |
| CVE-2025-11634 | Tomofun Furbo 360/Furbo Mini UART information disclosure | Furbo 360 | CWE-200 | 2.4 | Low | 2025-10-12 |
| CVE-2025-11633 | Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validation | Furbo 360 | CWE-295 | 3.7 | Low | 2025-10-12 |

This page lists every published CVE security advisory associated with Tomofun. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.