CVE-2025-3654

Name of the Vulnerable Software and Affected Versions Petlibro Smart Pet Feeder Platform versions up to 1.7.31

Description The Petlibro Smart Pet Feeder Platform is affected by an information disclosure issue. This allows unauthorized access to device hardware information. An attacker can obtain device serial numbers and MAC addresses by exploiting insecure API endpoints. The /device/devicePetRelation/getBoundDevices API endpoint is vulnerable, allowing retrieval of information using pet IDs. This enables full device control without proper authorization.

Recommendations Update to a version later than 1.7.31.