| Titolo | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Information Disclosure |
|---|
| Descrizione | An attacker within Bluetooth Low Energy (BLE) range of the Furbo Mini device can issue GATT read requests to a specific characteristic exposed by the device. This characteristic leaks the `p2puuid`—a unique identifier used by the Furbo backend infrastructure for video stream routing. By adding the Victim P2P ID to the attacker device and then removing the default p2p_auth file new credentials to be generated for the victim's p2p ID and the attacker stream's will replace the victim's stream in the victim's mobile app.
|
|---|
| Fonte | ⚠️ https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md |
|---|
| Utente | jTag Labs (UID 51246) |
|---|
| Sottomissione | 24/09/2025 16:20 (9 mesi fa) |
|---|
| Moderazione | 11/10/2025 20:34 (17 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 328057 [Tomofun Furbo 360/Furbo Mini GATT Service escalationi di privilegi] |
|---|
| Punti | 20 |
|---|