| Title | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Application Logic Bypass Leading to Denial of Service |
|---|
| Description | An attacker with physical access to a Furbo device can spoof the MAC address of an unregistered camera and complete the registration process using their own account. This results in a denial of service for the future legitimate owner of the device, as they are then unable to register it upon receipt. This cannot be undone by a regular customer as it would require a new device ID to be set on the purchased device, which requires command line access to the device. |
|---|
| User | jTag Labs (UID 51246) |
|---|
| Submission | 09/23/2025 19:23 (7 months ago) |
|---|
| Moderation | 10/11/2025 20:33 (18 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 328053 [Tomofun Furbo 360/Furbo Mini Registration denial of service] |
|---|
| Points | 17 |
|---|