Approved changes feed: RSS · Atom

cpe:2.3:o:furbo:furbo_360_dog_camera_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

VendorFurbo (001ceab5-3f78-5392-be04-40452afba4c9)
ProductFurbo 360 Dog Camera Firmware (35db1fd6-feaf-50b3-859c-7532b278d601)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-11650 vulnerable 2026-06-08 07:04:28.687987 Tomofun Furbo 360/Furbo Mini Password shadow weak hash
LOW (1.8)
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-10-12T23:02:06.268Z
Updated: 2025-10-20T04:36:32.819Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11649 vulnerable 2026-06-08 07:04:28.687284 Tomofun Furbo 360/Furbo Mini Root Account hard-coded password
HIGH (7)
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-10-12T22:32:05.850Z
Updated: 2025-10-20T04:36:21.504Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11648 vulnerable 2026-06-08 07:04:28.683134 Tomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery
MEDIUM (5.6)
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-10-12T22:02:05.664Z
Updated: 2025-10-20T04:36:10.328Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11647 vulnerable 2026-06-08 07:04:28.682509 Tomofun Furbo 360/Furbo Mini GATT Service information disclosure
LOW (3.1)
A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is needed for the attack. The exploitability is assessed as difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-10-12T21:32:06.210Z
Updated: 2025-10-18T21:28:13.642Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11646 vulnerable 2026-06-08 07:04:28.681694 Tomofun Furbo 360/Furbo Mini GATT Service access control
MEDIUM (6.3)
A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-10-12T21:02:05.171Z
Updated: 2025-10-18T21:28:04.687Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11644 vulnerable 2026-06-08 07:04:28.672771 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11643 vulnerable 2026-06-08 07:04:28.672071 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11642 vulnerable 2026-06-08 07:04:28.670876 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11641 vulnerable 2026-06-08 07:04:28.670023 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11640 vulnerable 2026-06-08 07:04:28.669056 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11639 vulnerable 2026-06-08 07:04:28.668073 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11638 vulnerable 2026-06-08 07:04:28.667230 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11637 vulnerable 2026-06-08 07:04:28.663775 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11636 vulnerable 2026-06-08 07:04:28.663115 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11635 vulnerable 2026-06-08 07:04:28.662681 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11634 vulnerable 2026-06-08 07:04:28.654283 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11633 vulnerable 2026-06-08 07:04:28.652464 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.