| عنوان | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Information Disclosure |
|---|
| الوصف | An attacker within Bluetooth Low Energy (BLE) range of the Furbo Mini device can issue GATT read requests to a specific characteristic exposed by the device. This characteristic leaks the `p2puuid`—a unique identifier used by the Furbo backend infrastructure for video stream routing. By adding the Victim P2P ID to the attacker device and then removing the default p2p_auth file new credentials to be generated for the victim's p2p ID and the attacker stream's will replace the victim's stream in the victim's mobile app.
|
|---|
| المصدر | ⚠️ https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md |
|---|
| المستخدم | jTag Labs (UID 51246) |
|---|
| ارسال | 24/09/2025 04:20 PM (9 أشهر منذ) |
|---|
| الاعتدال | 11/10/2025 08:34 PM (17 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 328057 [Tomofun Furbo 360/Furbo Mini GATT Service تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|