Submit #661900: Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Information Disclosureinfo

TitleTomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Information Disclosure
DescriptionAn attacker within Bluetooth Low Energy (BLE) range of the Furbo Mini device can issue GATT read requests to a specific characteristic exposed by the device. This characteristic leaks the `p2puuid`—a unique identifier used by the Furbo backend infrastructure for video stream routing. By adding the Victim P2P ID to the attacker device and then removing the default p2p_auth file new credentials to be generated for the victim's p2p ID and the attacker stream's will replace the victim's stream in the victim's mobile app.
Source⚠️ https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md
User
 jTag Labs (UID 51246)
Submission09/24/2025 16:20 (9 months ago)
Moderation10/11/2025 20:34 (17 days later)
StatusAccepted
VulDB entry328057 [Tomofun Furbo 360/Furbo Mini GATT Service access control]
Points20

Interested in the pricing of exploits?

See the underground prices here!