Vulnerabilities in Tomofun
18 resultsCVE-2025-11647LOWTomofun Furbo 360/Furbo Mini GATT Service information disclosureEPSS 0.5%CVE-2025-11646MEDIUMTomofun Furbo 360/Furbo Mini GATT Service access controlEPSS 0.5%CVE-2025-11648MEDIUMTomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgeryEPSS 0.4%CVE-2025-11635MEDIUMTomofun Furbo 360 File Upload resource consumptionEPSS 0.4%CVE-2025-11636MEDIUMTomofun Furbo 360 Account server-side request forgeryEPSS 0.4%CVE-2025-11638MEDIUMTomofun Furbo 360/Furbo Mini Bluetooth denial of serviceEPSS 0.3%CVE-2025-11637MEDIUMTomofun Furbo 360 Audio race conditionEPSS 0.3%CVE-2025-11643MEDIUMTomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentialsEPSS 0.3%CVE-2025-11644LOWTomofun Furbo 360/Furbo Mini UART sensitive informationEPSS 0.3%CVE-2025-11633MEDIUMTomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validationEPSS 0.2%CVE-2025-11639MEDIUMTomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive informationEPSS 0.2%CVE-2025-11645LOWTomofun Furbo Mobile App Authentication Token sensitive informationEPSS 0.2%CVE-2025-11640LOWTomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmissionEPSS 0.2%CVE-2025-11634LOWTomofun Furbo 360/Furbo Mini UART information disclosureEPSS 0.2%CVE-2025-11641LOWTomofun Furbo 360/Furbo Mini Trial Restriction access controlEPSS 0.2%CVE-2025-11650LOWTomofun Furbo 360/Furbo Mini Password shadow weak hashEPSS 0.1%CVE-2025-11642MEDIUMTomofun Furbo 360/Furbo Mini Registration denial of serviceEPSS 0.1%CVE-2025-11649HIGHTomofun Furbo 360/Furbo Mini Root Account hard-coded passwordEPSS 0.1%