CNNVD-202510-1589 Information

CNNVD ID

CNNVD-202510-1589

Related CVE

CVE-2025-11648

• CNNVD Published: 2025-10-12

Description (Chinese)

Tomofun Furbo 360和Tomofun Furbo Mini都是中国台湾Tomofun公司的一款智能宠物摄像机。 Tomofun Furbo 360 FB0035_FW_036及之前版本和Tomofun Furbo Mini MC0020_FW_074及之前版本存在代码问题漏洞，该漏洞源于文件TF_FQDN.json中GATT Interface URL Handler组件存在缺陷，可能导致服务端请求伪造攻击。

Description (English)

Tomofun Furbo 360 and Tomofun Furbo Mini are smart pet cameras from Tomofun, Taiwan, China. Tomofun Furbo 360 FB0035 FW 036 et seq. and Tomofun Furbo Mini MC0020 FW 074 et seq. have a code gap, which stems from deficiencies in the GATT Interface URL Handler component of document TF FQDN.json, which may result in a false attack requested by the service side.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Tomofun

Published

2025-10-12

Last Modified

2026-02-24

References

https://vuldb.com/?id.328059 https://github.com/dead1nfluence/Furbo-Advisories/blob/main/SSRF-via-BLE.md https://vuldb.com/?ctiid.328059 https://vuldb.com/?submit.662768 https://access.redhat.com/security/cve/cve-2025-11648