Tomofun Furbo 360 Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Tomofun Furbo 360 camera, specifically in versions through FB0035_FW_036. This vulnerability arises from an unknown processing issue in the Account Handler component, allowing remote attackers to manipulate requests sent from the device to an attacker-controlled server. The exploitation of this vulnerability is considered complex and difficult.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where the affected device can be coerced into making requests to external servers controlled by the attacker.

Reproduction

To reproduce this vulnerability, an attacker must first compromise a Furbo account of a legitimate user. Once access is gained, the attacker can modify the URL sent during the recording of a new treat toss sound, directing the Furbo device to download a file from an attacker-controlled server.