Vulnerability Description
A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. It affects unknown code in the GATT Service component. Manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is public and may be used. The affected firmware versions are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Furbo | Furbo Mini Firmware | <= 074 |
| Furbo | Furbo Mini | - |
| Furbo | Furbo 360 Dog Camera Firmware | <= 036 |
| Furbo | Furbo 360 Dog Camera | All versions |
Related Weaknesses (CWE)
References
- https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosu (Exploit, Third Party Advisory)
- https://vuldb.com/?ctiid.328057 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.328057 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.661900 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2025-11646?
CVE-2025-11646 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attac...
How severe is CVE-2025-11646?
CVE-2025-11646 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-11646?
Check the references section above for vendor advisories and patch information. Affected products include: Furbo Furbo Mini Firmware, Furbo Furbo Mini, Furbo Furbo 360 Dog Camera Firmware, Furbo Furbo 360 Dog Camera.