CVE-2025-11646

Опубликовано: 12 окт. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.1

CVSS2: 5.8

EPSS Низкий

Описание

A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.328057
Permissions Required
VDB Entry
https://vuldb.com/?id.328057
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.661900
Third Party Advisory
VDB Entry
https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:furbo:furbo_mini_firmware:*:*:*:*:*:*:*:*

Версия до 074 (включая)

cpe:2.3:h:furbo:furbo_mini:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:furbo:furbo_360_dog_camera_firmware:*:*:*:*:*:*:*:*

Версия до 036 (включая)

cpe:2.3:h:furbo:furbo_360_dog_camera:*:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00027

Низкий

6.3 Medium

CVSS3

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-266

Связанные уязвимости

GHSA-fhvm-9728-77cm

CVSS3: 6.3

github

4 месяца назад

EPSS

Процентиль: 7%

0.00027

Низкий

6.3 Medium

CVSS3

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-266