CVE-2025-11650

Exploit

EPSS 0.01%
Veröffentlicht 12.10.2025 23:15:32
Zuletzt bearbeitet 28.10.2025 02:02:15
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Furbo ≫ Furbo Mini Firmware Version <= 074

Furbo ≫ Furbo Mini Version-

Furbo ≫ Furbo 360 Dog Camera Firmware Version <= 036

Furbo ≫ Furbo 360 Dog Camera

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.012

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	0.4	3.6	CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	1	0	0	CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	1.8	0.4	1.4	CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	1	1.5	2.9	AV:L/AC:H/Au:S/C:P/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

CWE-328 Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure-Encryption-Algorithm.md

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.328061

VDB Entry

Permissions Required

https://vuldb.com/?id.328061

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.662771

Third Party Advisory

VDB Entry