Dead1Nfluence

**Name of the Vulnerable Software and Affected Versions** Meatmeet (affected versions not specified) **Description** An attacker within Bluetooth Low Energy (BLE) range can send commands to Meatmeet devices, leading to a Denial of Service. Specifically, the attacker can issue shutdown, restart, or clear config commands. The 'clear config' command disassociates the device from its user, requiring reconfiguration and preventing updates from the base station until the device is fixed or restarted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 **Description** A weakness exists in the UART Interface component of Tomofun Furbo 360 and Furbo Mini. Manipulation of this component can result in insecure storage of sensitive information. The attack requires physical access to the device and is considered difficult to exploit. The exploit has been publicly released. **Recommendations** Update Tomofun Furbo 360 to a version later than FB0035 FW 036. Update Tomofun Furbo Mini to a version later than MC0020 FW 074.

**Name of the Vulnerable Software and Affected Versions** Tomofun Furbo Mobile App versions through 7.57.0a **Description** A security issue has been identified in the Authentication Token Handler component of the Tomofun Furbo Mobile App on Android. The vulnerability involves insecure storage of sensitive information, potentially allowing for exploitation on a physical device. The exploit has been publicly disclosed. The vendor was informed of the issue but did not respond. **Recommendations** Update to a newer version of the Tomofun Furbo Mobile App that addresses this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 **Description** A flaw exists in Tomofun Furbo 360 and Furbo Mini due to improper access controls within the GATT Service component. This issue can be exploited from the local network. The exploit is publicly available. **Recommendations** Update Tomofun Furbo 360 to a version later than FB0035 FW 036. Update Tomofun Furbo Mini to a version later than MC0020 FW 074.

**Name of the Vulnerable Software and Affected Versions** Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 **Description** A flaw exists in the HTTP Traffic Handler component of Tomofun Furbo 360 and Furbo Mini. This issue results in improper certificate validation and can be exploited remotely. Exploitation is considered difficult and requires high complexity. **Recommendations** Update Furbo 360 to a version later than FB0035 FW 036. Update Furbo Mini to a version later than MC0020 FW 074.

**Name of the Vulnerable Software and Affected Versions** Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 **Description** A server-side request forgery condition exists in Tomofun Furbo 360 and Furbo Mini due to manipulation of the file `TF FQDN.json` within the GATT Interface URL Handler component. The attack can be performed remotely and is considered highly complex, with a difficult exploitability. The exploit has been publicly disclosed. **Recommendations** Update Tomofun Furbo 360 to version FB0035 FW 036 or later. Update Tomofun Furbo Mini to version MC0020 FW 074 or later.

**Name of the Vulnerable Software and Affected Versions** Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 **Description** A security flaw exists in Tomofun Furbo 360 and Furbo Mini devices. The issue involves an unknown function within the Root Account Handler component, which, when manipulated, exposes a hard-coded password. An attacker with local access can exploit this flaw, potentially gaining unauthorized control over the device. The exploit has been made public. The complexity of the attack is considered high, and exploitability is described as difficult. **Recommendations** For Tomofun Furbo 360 versions prior to FB0035 FW 036, update the firmware to version FB0035 FW 036 or later. For Tomofun Furbo Mini versions prior to MC0020 FW 074, update the firmware to version MC0020 FW 074 or later.

**Name of the Vulnerable Software and Affected Versions** Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 **Description** A weakness exists in Tomofun Furbo 360 and Furbo Mini related to password handling. Manipulation of the `/etc/shadow` file, through an unknown `function`, can lead to the use of weak hash values. The attack can be performed on the physical device and requires a high level of complexity, though exploitability is considered difficult. The exploit has been publicly disclosed. **Recommendations** Update Furbo 360 to a version later than FB0035 FW 036. Update Furbo Mini to a version later than MC0020 FW 074.

**Name of the Vulnerable Software and Affected Versions** Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 **Description** A flaw exists in Tomofun Furbo 360 and Furbo Mini related to the processing of the GATT Service component. Manipulation of the `DeviceToken` argument can lead to information disclosure. The attack is limited to the local network and requires a high degree of complexity, making exploitability difficult. The exploit has been published. **Recommendations** Update Furbo 360 to a version later than FB0035 FW 036. Update Furbo Mini to a version later than MC0020 FW 074.