What is the CVSS score of CVE-2026-33361?

CVE-2026-33361 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Meari IoT SDK are affected by CVE-2026-33361?

Meari IoT SDK versions ≤1.8.x used in baby monitors and surveillance cameras (CloudEdge 5.5.0, Arenti 1.8.1, and white-label variants) contain weak encryption that allows unauthenticated remote…

Meari IoT SDK CVE-2026-33361

Q: How to fix or mitigate CVE-2026-33361?

Within 24 hours: Identify all deployed instances of CloudEdge, Arenti, and white-label applications using Meari SDK ≤1.8.x via asset inventory and network scanning; disable remote snapshot access if operationally feasible. Within 7 days: Contact vendor for patch availability timeline and interim remediation guidance; implement network segmentation to restrict SDK-based services to trusted internal networks only. Within 30 days: Deploy patched versions immediately upon vendor release (monitor vendor security advisories for CloudEdge 5.5.1+, Arenti 1.8.2+); validate patch deployment across all instances.

EUVD-2026-29105 HIGH

Inadequate Encryption Strength (CWE-326)

2026-05-11 runZero

GHSA-pfqv-vhwj-2rjw

Information Disclosure

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

May 11, 2026 - 16:46 vuln.today

CVE Published

May 11, 2026 - 16:03 nvd

HIGH 7.5

DescriptionNVD

In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model.

AnalysisAI

Weak XOR obfuscation in Meari IoT SDK's libmrplayer.so library enables remote unauthenticated attackers to decrypt baby monitor image snapshots from CloudEdge 5.5.0, Arenti 1.8.1, and white-label apps (versions ≤1.8.x). The '.jpgx3' file format applies reversible XOR encryption only to the first 1024 bytes using a predictable key derivation model, exposing confidential video surveillance imagery. …

RemediationAI

Within 24 hours: Identify all deployed instances of CloudEdge, Arenti, and white-label applications using Meari SDK ≤1.8.x via asset inventory and network scanning; disable remote snapshot access if operationally feasible. Within 7 days: Contact vendor for patch availability timeline and interim remediation guidance; implement network segmentation to restrict SDK-based services to trusted internal networks only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33361 vulnerability details – vuln.today

Back

Meari IoT SDK CVE-2026-33361

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code