VYPR
Vendor

Furbo

Products
2
CVEs
7
Across products
13
Status
Private

Products

2

Recent CVEs

7
  • CVE-2025-11649HigOct 12, 2025
    risk 0.46cvss 7.0epss 0.00

    A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is…

  • CVE-2025-11646MedOct 12, 2025
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and…

  • CVE-2025-11648MedOct 12, 2025
    risk 0.36cvss 5.6epss 0.00

    A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of…

  • CVE-2025-11647LowOct 12, 2025
    risk 0.20cvss 3.1epss 0.01

    A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree…

  • CVE-2025-11644LowOct 12, 2025
    risk 0.13cvss 2.0epss 0.00

    A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the…

  • CVE-2025-11650LowOct 12, 2025
    risk 0.12cvss 1.8epss 0.00

    A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The…

  • CVE-2023-28704Jun 2, 2023
    risk 0.00cvss epss 0.01

    Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary…