9.8
CVE-2025-3653
- EPSS 0.22%
- Veröffentlicht 03.01.2026 23:33:03
- Zuletzt bearbeitet 03.02.2026 17:38:41
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginPetlibro Smart Pet Feeder through 1.7.31 Platform Improper Access Control via API endpoint
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device control APIs to change feeding schedules, trigger manual feeds, access camera feeds, and modify device settings without authorization checks.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.118 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| disclosure@vulncheck.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-612 Improper Authorization of Index Containing Sensitive Information
The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.
https://bobdahacker.com/blog/petlibro
https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-through-platform-improper-access-control-via-api-endpoint