CVE-2026-33359
In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
CVE-2026-33356
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
Meari Alibaba OSS Security Vulnerability
Meari Alibaba OSS is an IoT cloud data storage solution developed by Meari Company, which integrates object storage services. There is a security vulnerability in Meari Alibaba OSS. This vulnerability arises from the lack of authentication, signed URLs, and expiration controls in Meari IoT Cloud...
Meari IoT Cloud MQTT Broker EMQX Security Vulnerability
Meari IoT Cloud MQTT Broker EMQX is a high-performance IoT messaging proxy service based on the MQTT protocol provided by Meari Corporation. A security vulnerability exists in the Meari IoT Cloud MQTT Broker EMQX 4.x version. This vulnerability stems from the lack of authorization for device-leve...
CVE-2025-4692 ABUP IoT Cloud Platform Incorrect Privilege Assignment
Actors can use a maliciously crafted JavaScript Object Notation (JSON) Web Token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by t...
CISA Releases Thirteen Industrial Control Systems Advisories
CISA released thirteen Industrial Control Systems (ICS) advisories on May 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-140-01 ABUP IoT Cloud Platform; ICSA-25-140-02 National Instruments Circuit Design Sui...
ABUP IoT Cloud Platform
RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to access device profiles for which they are not authorized. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
CVE-2022-39368
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0 and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't clean up counters for throttling, causing the threshold to be reached...
Design/Logic Flaw
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0 and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't clean up counters for throttling, causing the threshold to be reached...
CVE-2022-39368 Californium Failing DTLS handshakes causes Data Loss due to throttling blocking processing of records
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0 and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't clean up counters for throttling, causing the threshold to be reached...
Doodle Smart app and Doodle Converter (smart socket) have a flawed logic vulnerability
Doodle Smart is an IoT cloud platform that connects brands, OEMs, developers and chain retailers with their intelligence needs, providing a one-stop AI IoT PaaS-level solution that covers hardware development, global cloud, and smart business platform development, providing comprehensive ecologic...
Smart lighting security
Smart lighting systems create great opportunity for improved efficiency, cost savings and easy management. The long lifespan and low power requirement of LED luminaires and lamps means that it’s worth investing in replacing older fluorescent and incandescent lighting. RJ45 connections delivering...
Unauthorized Access Vulnerability in Baidu's Skyworks Intelligence Platform
Baidu Tiangong Intelligence Platform is a cloud service platform for the IoT field, which communicates through mainstream IoT protocols (e.g., MQTT), allowing IoT projects to be built between smart devices and the cloud. The Baidu Tiangong Intelligent Platform suffers from an unauthorized access...