CVE-2025-11634

Опубликовано: 12 окт. 2025

Источник: nvd

CVSS3: 2.4

CVSS3: 4.6

CVSS2: 2.1

EPSS Низкий

Описание

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in information disclosure. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://vuldb.com/?ctiid.328045
Permissions Required
VDB Entry
https://vuldb.com/?id.328045
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.661353
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:furbo:furbo_mini_firmware:*:*:*:*:*:*:*:*

Версия до 074 (включая)

cpe:2.3:h:furbo:furbo_mini:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:furbo:furbo_360_dog_camera_firmware:*:*:*:*:*:*:*:*

Версия до 036 (включая)

cpe:2.3:h:furbo:furbo_360_dog_camera:*:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00019

Низкий

2.4 Low

CVSS3

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-g9w2-p73p-6qrw

CVSS3: 2.4

github

4 месяца назад

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in information disclosure. An attack on the physical device is feasible. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS

Процентиль: 4%

0.00019

Низкий

2.4 Low

CVSS3

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo