CVE-2026-33362

Published: Mag 11, 2026 Last Modified: Mag 11, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,6

Source: 44488dab-36db-4358-99f9-bc116477f914

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys.

321

Use of Hard-coded Cryptographic Key

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Read Application Data

Applicable Platforms

Technologies: ICS/OT

Likelihood of Exploit: High

View CWE Details

https://github.com/xn0tsa/nobody-puts-baby-in-a-corner

https://www.runzero.com/advisories/meari-sdk-hardcoded-cryp…

https://www.runzero.com/advisories/meari-sdk-hardcoded-cryptographic-keys-cve-2…

CVE-2026-33362

Description

Use of Hard-coded Cryptographic Key

Common Consequences

Applicable Platforms

Iscriviti alla newsletter