CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

CVE-2026-33357

In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...

7.5CVSS5.6AI score0.00042EPSS

Exploits0References1

RedhatCVE•added yesterday•5 views

CVE-2026-33362

In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...

8.6CVSS5.5AI score0.00042EPSS

Exploits0References1

Cvelist•added 2026/05/11 4:4 p.m.•25 views

CVE-2026-33362 Meari SDK hardcoded cryptographic keys

8.6CVSS0.00042EPSS

Exploits0References2

CVE•added 2026/05/11 4:3 p.m.•11 views

CVE-2026-33361

Affected software: Meari IoT SDK image handling (libmrplayer.so) as used in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (≤ 1.8.x). Vulnerability detail: baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key der...

7.5CVSS5.8AI score0.00017EPSS

Exploits0References2

Cvelist•added 2026/05/11 4:3 p.m.•28 views

CVE-2026-33361 Meari weak XOR obfuscation

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS0.00017EPSS

Exploits0References2

Cvelist•added 2026/05/11 4:2 p.m.•26 views

CVE-2026-33357 Meari OpenAPI device status IDOR

7.5CVSS0.00042EPSS

Exploits0References2