| tiêu đề | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insecure Storage of Sensitive Information |
|---|
| Mô tả | An attacker who obtains a previously owned device, such as one which has been returned to Amazon or another seller, may connect to the device over UART and retrieve the SSID and Wi-Fi password of the previous owner. Factory resets do not remove the contents of the /tmp/wpa_supplicant.conf file used for Wi-Fi authentication. Using a website like Wigle.net they may be able to geo-locate the previous owner and travel to their home address where they could connect to their network. |
|---|
| Nguồn | ⚠️ https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure%20Storage%20of%20Sensitve%20Information%20-%20CVE-2025-XXXXX.md |
|---|
| Người dùng | jTag Labs (UID 51246) |
|---|
| Đệ trình | 24/09/2025 16:11 (cách đây 7 các tháng) |
|---|
| Kiểm duyệt | 11/10/2025 20:33 (17 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 328055 [Tomofun Furbo 360/Furbo Mini UART Interface tiết lộ thông tin] |
|---|
| điểm | 20 |
|---|