| 제목 | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insertion of Sensitive Information into Log File |
|---|
| 설명 | An attacker who is connected to the UART interface of the Furbo 360 device can observe the Firmware URL and the SecretKey, as well as the DeviceToken and DeviceId values. Using the firmware and SecretKey, the attacker can retrieve and decrypt the firmware files. With the DeviceToken and DeviceId values, they can impersonate the device and upload malicious files to a debug server used by Tomofun support. |
|---|
| 사용자 | jTag Labs (UID 51246) |
|---|
| 제출 | 2025. 09. 23. PM 07:09 (7 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 11. PM 08:33 (18 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 328045 [Tomofun Furbo 360/Furbo Mini UART Interface 정보 공개] |
|---|
| 포인트들 | 16 |
|---|