| タイトル | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insecure Storage of Sensitive Information |
|---|
| 説明 | An attacker who retrieves the x-amz-grant-full-control ID from the collect_logs.sh file located on the Furbo device can use it to upload arbitrary data to the Furbo Device Debug Log S3 bucket. This may pollute the data source for Furbo, or result in a compromise of their systems or services if malware is uploaded and later executed. Additionally, as device IDs are issued sequentially, it is possible that an attacker could upload arbitrary files which would be associated with other Furbo user's devices. |
|---|
| ユーザー | jTag Labs (UID 51246) |
|---|
| 送信 | 2025年09月23日 19:15 (7 月 ago) |
|---|
| モデレーション | 2025年10月11日 20:33 (18 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 328050 [Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh 情報漏えい] |
|---|
| ポイント | 17 |
|---|