exploitDog

CVE-2025-3653

Опубликовано: 04 янв. 2026

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

EPSS Низкий

Описание

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device control APIs to change feeding schedules, trigger manual feeds, access camera feeds, and modify device settings without authorization checks.

Ссылки

https://bobdahacker.com/blog/petlibro
Product
https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-through-platform-improper-access-control-via-api-endpoint
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:petlibro:petlibro:*:*:*:*:-:*:*:*

Версия до 1.7.31 (включая)

EPSS

Процентиль: 18%

0.00057

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-612

Связанные уязвимости

GHSA-c4mg-vhq3-hwc2

CVSS3: 7.3

github

около 1 месяца назад

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device control APIs to change feeding schedules, trigger manual feeds, access camera feeds, and modify device settings without authorization checks.

EPSS

Процентиль: 18%

0.00057

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-612