Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-11639

Опубликовано: 12 окт. 2025
Источник: nvd
CVSS3: 3.3
CVSS3: 5.5
CVSS2: 1.7
EPSS Низкий

Описание

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:furbo:furbo_mini_firmware:*:*:*:*:*:*:*:*
Версия до 074 (включая)
cpe:2.3:h:furbo:furbo_mini:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:furbo:furbo_360_dog_camera_firmware:*:*:*:*:*:*:*:*
Версия до 036 (включая)
cpe:2.3:h:furbo:furbo_360_dog_camera:*:*:*:*:*:*:*:*

EPSS

Процентиль: 7%
0.00026
Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-200
CWE-922

Связанные уязвимости

github логотип

GHSA-fx7j-c4vg-7m5h

CVSS3: 3.3
github
4 месяца назад

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS

Процентиль: 7%
0.00026
Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-200
CWE-922