CVE-2026-33362 - Vulnerability Analysis
HighCVSS: 8.6Last Updated: May 11, 2026
Meari IoT SDK - Hardcoded Credentials
Overview
Meari IoT SDK embedded in CloudEdge 5.5.0, Arenti 1.8.1, and white-label Android apps <= 1.8.x contains hardcoded secrets including API signing material, password-transport keys, and service access keys, letting attackers access sensitive credentials, exploit requires app access.
Severity & Score
Impact
Attackers can obtain sensitive credentials, leading to unauthorized access and potential service compromise.
Mitigation
Update to the latest version where hardcoded secrets are removed or mitigated.
References
Social Media Activity(2 posts)
š CVE-2026-33362 - High (8.6) In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded and shared, including API signing material, pas... š https://www.thehackerwire.com/vulnerability/CVE-2026-33362/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-33362 - High (8.6) In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded and shared, including API signing material, pas... š https://www.thehackerwire.com/vulnerability/CVE-2026-33362/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-33362
- Severity
- High
- CVSS Score
- 8.6
- Type
- hardcoded_credentials
- Status
- new
- EPSS
- 3.2%
- Social Posts
- 2
CWE
- CWE-321
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N