CVE-2025-3654
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through /device/devicePetRelation/getBoundDevices using pet IDs, enabling full device control without proper authorization checks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Petlibrio | Smart Pet Feeder Platform | Unknown <= 1.7.31 | affected |
Weaknesses
- CWE-612: Improper Authorization of Index Containing Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://bobdahacker.com/blog/petlibro
- https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-information-disclosure-via-api-endpoint
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.