6 matches found
CVE-2026-33357
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
CVE-2026-33362
In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...
CVE-2026-33361
Affected software: Meari IoT SDK image handling (libmrplayer.so) as used in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (≤ 1.8.x). Vulnerability detail: baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key der...
CVE-2026-33361 Meari weak XOR obfuscation
In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...
CVE-2026-33357 Meari OpenAPI device status IDOR
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
CVE-2026-33357
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...