| عنوان | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insertion of Sensitive Information into Log File |
|---|
| الوصف | An attacker who is connected to the UART interface of the Furbo 360 device can observe the Firmware URL and the SecretKey, as well as the DeviceToken and DeviceId values. Using the firmware and SecretKey, the attacker can retrieve and decrypt the firmware files. With the DeviceToken and DeviceId values, they can impersonate the device and upload malicious files to a debug server used by Tomofun support. |
|---|
| المستخدم | jTag Labs (UID 51246) |
|---|
| ارسال | 23/09/2025 07:09 PM (7 أشهر منذ) |
|---|
| الاعتدال | 11/10/2025 08:33 PM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 328045 [Tomofun Furbo 360/Furbo Mini UART Interface الكشف عن المعلومات] |
|---|
| النقاط | 16 |
|---|