CVE-2025-11634 | THREATINT

Description

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in information disclosure. An attack on the physical device is feasible. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Es wurde eine Schwachstelle in Tomofun Furbo 360 and Furbo Mini entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente UART Interface. Die Manipulation führt zu information disclosure. Ein Angriff auf das physische Gerät kann durchgeführt werden.

PUBLISHED Reserved 2025-10-11 | Published 2025-10-12 | Updated 2025-10-12 | Assigner VulDB

LOW: 2.4CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X

LOW: 2.4CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X

LOW: 2.4CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X

2.1AV:L/AC:L/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:ND

Problem types

Information Disclosure

Improper Access Controls

Product status

Any version

affected

Any version

affected

Timeline

2025-10-11:	Advisory disclosed
2025-10-11:	VulDB entry created
2025-10-11:	VulDB entry last update

Credits

jTag Labs (VulDB User) reporter

References

vuldb.com/?id.328045 (VDB-328045 | Tomofun Furbo 360/Furbo Mini UART information disclosure) vdb-entry

vuldb.com/?ctiid.328045 (VDB-328045 | CTI Indicators (IOB, IOC, TTP)) signature permissions-required

vuldb.com/?submit.661353 (Submit #661353 | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insertion of Sensitive Information into Log File) third-party-advisory

cve.org (CVE-2025-11634)

nvd.nist.gov (CVE-2025-11634)

Download JSON