Submission #661876: Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insecure Storage of Sensitive Information

Title: Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insecure Storage of Sensitive Information
Description: An attacker who retrieves the x-amz-grant-full-control ID from the collect_logs.sh file located on the Furbo device can use it to upload arbitrary data to the Furbo Device Debug Log S3 bucket. This may pollute the data source for Furbo, or result in a compromise of their systems or services if malware is uploaded and later executed. Additionally, as device IDs are issued sequentially (see Android Finding 001), it is possible that an attacker could upload arbitrary files which would be associated with other Furbo users' devices. Replication Steps: Connect to the Furbo device or unsquash the Furbo service file. If on device, navigate to /tmp/furbo_app/bin/ and run: cat collect_logs.sh. Observe that the x-amz-grant-full-control header is stored in the file. This header can be used to upload files to the S3 bucket as if you were a Furbo device.
User: jTag Labs (UID 51246)
Submitted: 2025-09-24 04:05 PM (7 months ago)
Moderation: 2025-10-11 08:33 PM (17 days later)
Status: Duplicate
VulDB Entry: 328050 [Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh information disclosure]
Points: 0
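The replication steps above amount to a manual grep of one script. The following is an added example, not code from the submitter or from Tomofun, that automates the same check over an extracted firmware tree: it looks for any hard-coded `x-amz-grant-*` ACL header carrying a 64-hex-character S3 canonical user ID and reports file, line and header. The sample script it scans, the bucket name and the canonical ID in it are constructed stand-ins for illustration; the real collect_logs.sh contents are not reproduced here.

```python
"""Scan an extracted firmware tree for hard-coded S3 ACL grant headers.

Added example (not the vendor's or the reporter's code). The sample
collect_logs.sh below is constructed to have the shape the report
describes; its bucket name and canonical ID are placeholders.
"""
import re
import tempfile
from pathlib import Path

# Constructed sample script embedding an x-amz-grant-full-control header.
SAMPLE_SCRIPT = """#!/bin/sh
LOG_BUCKET="example-debug-logs"
DEVICE_ID="$(cat /tmp/device_id)"
tar czf /tmp/logs.tgz /var/log
curl -s -X PUT \\
  -H "x-amz-grant-full-control: id=\\"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\\"" \\
  --data-binary @/tmp/logs.tgz \\
  "https://${LOG_BUCKET}.s3.amazonaws.com/${DEVICE_ID}/logs.tgz"
"""

# Any of the S3 ACL grant headers, followed by an "id=" grantee whose value
# is a 64-hex-char canonical user ID. The optional backslash and quote allow
# for the escaping seen inside a double-quoted shell argument.
GRANT_RE = re.compile(
    r'(x-amz-grant-(?:full-control|read-acp|write-acp|read|write))'
    r'\s*:\s*id=\\?"?([0-9a-fA-F]{64})',
    re.IGNORECASE,
)


def scan_text(text, source):
    """Return one finding dict per grant header found in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in GRANT_RE.finditer(line):
            findings.append({
                "file": source,
                "line": lineno,
                "header": m.group(1).lower(),
                "canonical_id": m.group(2).lower(),
            })
    return findings


def scan_tree(root):
    """Walk an extracted firmware root (e.g. an unsquashed rootfs) and scan
    every regular file, decoding as text and replacing undecodable bytes."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue
        findings.extend(scan_text(text, str(path.relative_to(root))))
    return findings


def build_sample_tree():
    """Create a throwaway tree mimicking the path named in the report,
    plus one benign file, so the scanner can be run offline."""
    root = Path(tempfile.mkdtemp(prefix="fw-"))
    script = root / "tmp" / "furbo_app" / "bin" / "collect_logs.sh"
    script.parent.mkdir(parents=True)
    script.write_text(SAMPLE_SCRIPT)
    (root / "etc").mkdir()
    (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
    return root


if __name__ == "__main__":
    for f in scan_tree(build_sample_tree()):
        print(f"{f['file']}:{f['line']}: {f['header']} id={f['canonical_id']}")
```

Run against a real extraction by calling `scan_tree("/path/to/unsquashed/rootfs")`. A hit does not by itself prove anonymous PutObject is accepted; that depends on the bucket policy, which is what the report's final step exercises.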
