Tomofun Furbo 360 and Furbo Mini Registration Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Tomofun Furbo 360 and Furbo Mini devices, in an unspecified function of the Registration Handler component. An attacker with physical access can spoof the MAC address of an unregistered camera and complete the registration process using their own account. As a result, the legitimate owner of the device is unable to register it upon receipt. The vulnerability affects Furbo 360 devices with firmware versions through FB0035_FW_036 and Furbo Mini devices with versions through MC0020_FW_074.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, where the legitimate owner of the device cannot register it due to interference caused by the attacker.
Reproduction
To reproduce this vulnerability, physical access to a Furbo device is required. The attacker must spoof the MAC address of an unregistered camera and use it to complete the registration process with their own account. This action prevents the device's rightful owner from registering it, causing a denial-of-service situation.
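The weakness described above comes down to a registration backend treating the MAC address as the only proof of device identity. The Python model below is an added example, not code from Tomofun or from this advisory; the Registry class, the per-device secret and the sample MAC are assumptions made for illustration, and the page does not describe the vendor's actual registration protocol or fix. It shows the MAC-only check beside a form that also requires a proof only the genuine camera can compute.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: MAC -> per-device secret provisioned at manufacture.
# Assumption: the secret is stored on the camera and is not derivable from the MAC.
DEVICE_KEYS = {"AA:BB:CC:00:11:22": bytes(range(32))}


def device_proof(key, nonce, account):
    """HMAC the genuine camera computes over the server nonce and the account."""
    return hmac.new(key, nonce + account.encode(), hashlib.sha256).digest()


class Registry:
    """Toy model of a camera registration backend (hypothetical names throughout)."""

    def __init__(self, device_keys):
        self.device_keys = device_keys
        self.owners = {}       # MAC -> account that completed registration
        self.challenges = {}   # (MAC, account) -> outstanding nonce

    def register_mac_only(self, mac, account):
        # Weak form: the MAC is the only identity check, so whichever
        # account presents it first becomes the owner and blocks the rest.
        if mac in self.owners:
            return False
        self.owners[mac] = account
        return True

    def start_registration(self, mac, account):
        # Hardened form, step 1: fresh nonce bound to this MAC and account.
        nonce = secrets.token_bytes(16)
        self.challenges[(mac, account)] = nonce
        return nonce

    def finish_registration(self, mac, account, proof):
        # Step 2: accept only a proof made with the device's own secret.
        nonce = self.challenges.pop((mac, account), None)
        key = self.device_keys.get(mac)
        if nonce is None or key is None or mac in self.owners:
            return False
        if not hmac.compare_digest(device_proof(key, nonce, account), proof):
            return False
        self.owners[mac] = account
        return True
```

In the hardened form a failed attempt leaves the MAC unclaimed, so a later registration by the owner with the real camera still succeeds.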
