CVE-2025-11650
CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Tomofun | Furbo 360 | n/a | affected |
| Tomofun | Furbo Mini | n/a | affected |
Weaknesses
- CWE-328: Use of Weak Hash
- CWE-327: Risky Cryptographic Algorithm
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://vuldb.com/?id.328061
- https://vuldb.com/?ctiid.328061
- https://vuldb.com/?submit.662771
- https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure-Encryption-Algorithm.md
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.