CVE-2025-11650
BaseFortify
Publication date: 2025-10-12
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| furbo | furbo_mini_firmware | to 074 (inc) |
| furbo | furbo_mini | * |
| furbo | furbo_360_dog_camera_firmware | to 036 (inc) |
| furbo | furbo_360_dog_camera | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
| CWE-328 | The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Tomofun Furbo 360 and Furbo Mini devices, specifically an unknown function related to the /etc/shadow file in the Password Handler component. The vulnerability allows manipulation that can lead to the use of a weak hash for passwords. Exploiting this vulnerability requires physical access to the device and is considered difficult due to the high complexity involved. The affected firmware versions are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074.
How can this vulnerability impact me? :
The vulnerability can impact you by potentially weakening the security of password hashes stored on the device, which could allow an attacker with physical access to exploit weak password protections. However, the exploitability is difficult and requires high complexity, so the risk is relatively low. Still, if exploited, it could compromise password security on the affected devices.