CVE-2025-11643
BaseFortify
Publication date: 2025-10-12
Last updated on: 2025-10-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| furbo | furbo_mini_firmware | up to 074 (inclusive) |
| furbo | furbo_mini | * |
| furbo | furbo_360_dog_camera_firmware | up to 036 (inclusive) |
| furbo | furbo_360_dog_camera | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in Tomofun Furbo 360 and Furbo Mini devices related to the MQTT Client Certificate component. It involves manipulation of the file /squashfs-root/furbo_img, which results in hard-coded credentials being exposed or used. The attack can be initiated remotely but is considered difficult to exploit due to its high complexity.
How can this vulnerability impact me?
The vulnerability can lead to exposure or misuse of hard-coded credentials, potentially allowing an attacker to perform unauthorized actions on the affected devices remotely. However, the impact is limited: confidentiality is not affected, but integrity can be compromised. The overall severity is low to moderate based on CVSS scores.