CVE-2026-33361

Published: Mag 11, 2026 Last Modified: Mag 11, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: 44488dab-36db-4358-99f9-bc116477f914

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor '.jpgx3' files use reversible XOR over only the first 1024 bytes with a predictable key derivation model.

326

Inadequate Encryption Strength

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality

Potential Impacts:

Bypass Protection Mechanism Read Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/xn0tsa/nobody-puts-baby-in-a-corner

https://www.runzero.com/advisories/meari-weak-xor-obfuscati…

https://www.runzero.com/advisories/meari-weak-xor-obfuscation-cve-2026-33361/

CVE-2026-33361

Description

Inadequate Encryption Strength

Common Consequences

Applicable Platforms

Iscriviti alla newsletter