Description
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in information disclosure. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Es wurde eine Schwachstelle in Tomofun Furbo 360 and Furbo Mini entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente UART Interface. Die Manipulation führt zu information disclosure. Ein Angriff auf das physische Gerät kann durchgeführt werden. Der Exploit steht zur öffentlichen Verfügung.
Problem types
Product status
Timeline
| 2025-05-15: | Vulnerability found |
| 2025-06-21: | Vendor informed |
| 2025-07-03: | Vendor acknowledged |
| 2025-10-11: | Advisory disclosed |
| 2025-10-11: | VulDB entry created |
| 2025-10-13: | VulDB entry last update |
Credits
Calvin Star (Software Secured)
Julian B (Software Secured)
jTag Labs (VulDB User)
jTag Labs (VulDB User)
References
vuldb.com/?id.328045 (VDB-328045 | Tomofun Furbo 360/Furbo Mini UART information disclosure)
vuldb.com/?ctiid.328045 (VDB-328045 | CTI Indicators (IOB, IOC, TTP))
vuldb.com/?submit.661353 (Submit #661353 | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insertion of Sensitive Information into Log File)
