4 matches found
CVE-2025-3654
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...
CVE-2025-3653
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...
CVE-2025-3646
The CVE affects Petlibro Smart Pet Feeder Platform up to version 1.7.31. The vulnerability is an authorization bypass in the device share API caused by missing permission checks, allowing unauthorized users to add themselves as shared owners and view owner information. This is a network-exposed i...
CVE-2025-15115
CVE-2025-15115 affects the Petlibro Smart Pet Feeder Platform (versions up to 1.7.31). Affects the social login OAuth flow via the API endpoint “/member/auth/thirdLogin” where token validation flaws allow unauthenticated attackers to obtain full session tokens and access user accounts by supplyin...