| عنوان | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Improper Certificate Validation |
|---|
| الوصف | An attacker located upstream from the Furbo device can intercept the HTTPS traffic and decrypt it by impersonating the server and certificate. This is due to the request being made with curl -k which ignores certificate checks. As a result, the attacker can decrypt the traffic and review the firehose logs which are transmitted to the server. These base64 encoded logs contain data about the user's account ID, device ID, configurations, and other information. With this, an attacker could perform more refined attacks against the device or the individual in possession of the device. |
|---|
| المستخدم | jTag Labs (UID 51246) |
|---|
| ارسال | 23/09/2025 07:07 PM (7 أشهر منذ) |
|---|
| الاعتدال | 11/10/2025 08:33 PM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 328044 [Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 توثيق ضعيف] |
|---|
| النقاط | 17 |
|---|