CVE-2025-11647
BaseFortify
Publication date: 2025-10-12
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| furbo | furbo_mini_firmware | to 074 (inc) |
| furbo | furbo_mini | * |
| furbo | furbo_360_dog_camera_firmware | to 036 (inc) |
| furbo | furbo_360_dog_camera | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the GATT Service component of Tomofun Furbo 360 and Furbo Mini devices. Manipulating the DeviceToken argument can lead to information disclosure. The attack can only be performed from within the local network and has high attack complexity, which makes exploitation difficult. The affected firmware versions are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.
How can this vulnerability impact me?
The vulnerability can lead to information disclosure if exploited. However, exploitation is difficult and limited to attackers within the local network. This means sensitive information from the affected devices could be exposed to unauthorized local attackers.