Filtered by vendor Meari
Subscriptions
Filtered by product Com.meari.sdk
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33357 | 1 Meari | 1 Com.meari.sdk | 2026-05-12 | 7.5 High |
| In Meari client applications embedding "com.meari.sdk" (including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label <= 1.8.x), the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side authorization failure in "GET /openapi/device/status". | ||||
| CVE-2026-33361 | 1 Meari | 1 Com.meari.sdk | 2026-05-12 | 7.5 High |
| In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model. | ||||
| CVE-2026-33362 | 1 Meari | 1 Com.meari.sdk | 2026-05-12 | 8.6 High |
| In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys. | ||||
Page 1 of 1.