Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Furbo 360 — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in Furbo 360, with AI-generated Chinese analysis, references, and POCs.

Vendor: Tomofun

CVE IDTitleCVSSSeverityPublished
CVE-2025-11650 Tomofun Furbo 360/Furbo Mini Password shadow weak hash CWE-328 1.8 Low2025-10-12
CVE-2025-11649 Tomofun Furbo 360/Furbo Mini Root Account hard-coded password CWE-259 7.0 High2025-10-12
CVE-2025-11648 Tomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery CWE-918 5.6 Medium2025-10-12
CVE-2025-11647 Tomofun Furbo 360/Furbo Mini GATT Service information disclosure CWE-200 3.1 Low2025-10-12
CVE-2025-11646 Tomofun Furbo 360/Furbo Mini GATT Service access control CWE-284 6.3 Medium2025-10-12
CVE-2025-11644 Tomofun Furbo 360/Furbo Mini UART sensitive information CWE-922 2.0 Low2025-10-12
CVE-2025-11643 Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials CWE-798 3.7 Low2025-10-12
CVE-2025-11642 Tomofun Furbo 360/Furbo Mini Registration denial of service CWE-404 4.0 Medium2025-10-12
CVE-2025-11641 Tomofun Furbo 360/Furbo Mini Trial Restriction access control CWE-284 3.9 Low2025-10-12
CVE-2025-11640 Tomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission CWE-319 3.1 Low2025-10-12
CVE-2025-11639 Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information CWE-922 3.3 Low2025-10-12
CVE-2025-11638 Tomofun Furbo 360/Furbo Mini Bluetooth denial of service CWE-404 4.3 Medium2025-10-12
CVE-2025-11637 Tomofun Furbo 360 Audio race condition CWE-362 4.3 Medium2025-10-12
CVE-2025-11636 Tomofun Furbo 360 Account server-side request forgery CWE-918 5.6 Medium2025-10-12
CVE-2025-11635 Tomofun Furbo 360 File Upload resource consumption CWE-400 4.3 Medium2025-10-12
CVE-2025-11634 Tomofun Furbo 360/Furbo Mini UART information disclosure CWE-200 2.4 Low2025-10-12
CVE-2025-11633 Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validation CWE-295 3.7 Low2025-10-12

All 17 known CVE vulnerabilities affecting Furbo 360 with full Chinese analysis, references, and POCs where available.