cbcvebase.

Petlibrio Smart Pet Feeder Platform vulnerabilities

6 known vulnerabilities affecting petlibrio/smart_pet_feeder_platform.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-15115P2CRITICALCVSS 9.8≥ Unknown, ≤ 1.7.312026-01-04
CVE-2025-15115 [CRITICAL] CWE-862 CVE-2025-15115: Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerabi Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin with arbitrary Google IDs and phoneBrand parameters t
nvd
CVE-2025-3654P2CRITICALCVSS 9.8≥ Unknown, ≤ 1.7.312026-01-04
CVE-2025-3654 [CRITICAL] CWE-612 CVE-2025-3654: Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerab Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through /device/devicePetRelation/getBoundDevices using pet IDs, enabling full de
nvd
CVE-2025-3653P3CRITICALCVSS 9.8≥ Unknown, ≤ 1.7.312026-01-04
CVE-2025-3653 [CRITICAL] CWE-612 CVE-2025-3653: Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnera Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device control APIs to change feeding schedules, trigger manual fee
nvd
CVE-2025-3646P3HIGHCVSS 8.2≥ Unknown, ≤ 1.7.312026-01-04
CVE-2025-3646 [HIGH] CWE-306 CVE-2025-3646: Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerabil Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper au
nvd
CVE-2025-3660P3HIGHCVSS 8.2≥ Unknown, ≤ 1.7.312026-01-04
CVE-2025-3660 [HIGH] CWE-612 CVE-2025-3660: Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerabil Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing ownership verification. Attackers can send requests to /member/pet/detailV2 with arbitrary pet IDs to retrieve sensitive information including pet details, member ID
nvd
CVE-2025-3652P4MEDIUMCVSS 5.3≥ Unknown, ≤ 1.7.312026-01-04
CVE-2025-3652 [MEDIUM] CWE-288 CVE-2025-3652: Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerab Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send requests to /device/deviceAudio/use with arbitrary audio IDs to assign recordings to any device, t
nvd
Petlibrio Smart Pet Feeder Platform vulnerabilities | cvebase