CVE-2026-33361
Published
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model.
Five CVEs against Meari/CloudEdge IoT camera platform — public disclosure 2026-05-11
GitHub