| Название | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insertion of Sensitive Information into Log File |
|---|
| Описание | An attacker who is connected to the UART interface of the Furbo 360 device can observe the Firmware URL and the SecretKey, as well as the DeviceToken and DeviceId values. Using the firmware and SecretKey, the attacker can retrieve and decrypt the firmware files. With the DeviceToken and DeviceId values, they can impersonate the device and upload malicious files to a debug server used by Tomofun support. |
|---|
| Пользователь | jTag Labs (UID 51246) |
|---|
| Представление | 23.09.2025 19:09 (7 месяцы назад) |
|---|
| Модерация | 11.10.2025 20:33 (18 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 328045 [Tomofun Furbo 360/Furbo Mini UART Interface раскрытие информации] |
|---|
| Баллы | 16 |
|---|