| Título | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Information Disclosure |
|---|
| Descripción | An attacker within Bluetooth Low Energy (BLE) range of the Furbo Mini device can issue GATT read requests to a specific characteristic exposed by the device. This characteristic leaks the `p2puuid`—a unique identifier used by the Furbo backend infrastructure for video stream routing. By adding the Victim P2P ID to the attacker device and then removing the default p2p_auth file new credentials to be generated for the victim's p2p ID and the attacker stream's will replace the victim's stream in the victim's mobile app.
|
|---|
| Fuente | ⚠️ https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md |
|---|
| Usuario | jTag Labs (UID 51246) |
|---|
| Sumisión | 2025-09-24 16:20 (hace 9 meses) |
|---|
| Moderación | 2025-10-11 20:34 (17 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 328057 [Tomofun Furbo 360/Furbo Mini GATT Service escalada de privilegios] |
|---|
| Puntos | 20 |
|---|