Tomofun Furbo 360 and Furbo Mini Trial Restriction Bypass Vulnerability

Vulnerability

A vulnerability exists in the Tomofun Furbo 360 and Furbo Mini models, specifically in the Trial Restriction Handler component. The flaw is an improper access control weakness that lets users bypass trial limitations: the trial period for premium features is tied to the device's MAC address, so modifying the MAC address on the physical device resets it. The affected firmware versions are Furbo 360 through FB0035_FW_036 and Furbo Mini through MC0020_FW_074.

Impact

Exploitation of this vulnerability allows an application logic bypass of the trial restrictions, granting unlimited access to premium features on the affected devices.

Reproduction

To reproduce this vulnerability, obtain physical access to the Tomofun Furbo 360 or Furbo Mini device and change its MAC address to a new, unique value. Each new MAC address triggers a fresh 30-day premium trial, circumventing the trial limitations. Repeating the change with further MAC addresses provides ongoing access to premium features.
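As an added illustration (hypothetical code, not the vendor's or the advisory's), the following Python contrasts a trial handler keyed on the device-reported MAC address with one keyed on a stable, server-verified device identity that also records MAC churn for detection; the serial, MAC values and timeline are constructed.

```python
"""Constructed illustration of the flaw class described above (hypothetical
code, not Tomofun's). A trial record keyed on the client-reported MAC resets
whenever the MAC changes; one keyed on a stable, server-verified identity
does not, and MAC churn per identity becomes a detection signal."""
from datetime import datetime, timedelta

TRIAL = timedelta(days=30)  # the 30-day premium trial the advisory describes


class MacKeyedTrial:
    """Weak: looked up by the MAC the device reports, so every new MAC
    looks like a new device and receives a fresh window."""

    def __init__(self):
        self._start = {}

    def premium_allowed(self, mac, now):
        return now - self._start.setdefault(mac, now) < TRIAL


class DeviceBoundTrial:
    """Hardened: keyed on an identity the device cannot rewrite (a factory
    serial, assumed here); start time is fixed on first sight. MACs are
    logged per serial for anomaly review but never affect entitlement."""

    def __init__(self):
        self._start = {}
        self.macs_seen = {}

    def premium_allowed(self, serial, mac, now):
        self.macs_seen.setdefault(serial, set()).add(mac)
        return now - self._start.setdefault(serial, now) < TRIAL

    def identity_churn(self, serial, threshold=1):
        """Detection hook: one serial has presented more than `threshold` MACs."""
        return len(self.macs_seen.get(serial, ())) > threshold


def simulate():
    """Constructed timeline: trial starts, 31 days pass, the same device
    reports a new MAC. Returns (weak_allowed, hardened_allowed, churn)."""
    t0 = datetime(2025, 1, 1)
    later = t0 + timedelta(days=31)
    sn, mac1, mac2 = "SN-CONSTRUCTED-0001", "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    weak, hard = MacKeyedTrial(), DeviceBoundTrial()
    weak.premium_allowed(mac1, t0)
    hard.premium_allowed(sn, mac1, t0)
    weak_after = weak.premium_allowed(mac2, later)      # True: window reset
    hard_after = hard.premium_allowed(sn, mac2, later)  # False: trial expired
    return weak_after, hard_after, hard.identity_churn(sn)
```

The churn check is the server-side signal a defender can alert on: one physical identity presenting several MAC addresses is the observable footprint of this bypass even when entitlement is already bound correctly.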

Added: Oct 12, 2025, 7:18 PM
Updated: Oct 12, 2025, 7:18 PM

Vulnerability Rating

Custom Algorithm:
spread           0.0
impact           0.6
exploitability   3.6
remediation      0.0
relevance        0.7
threat           1.6
urgency          2.9
incentive        0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.