Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws

Researchers disclosed that multiple vulnerabilities in Meari Technology’s camera/cloud ecosystem potentially exposed more than one million white‑label baby monitors and security cameras sold under 300+ brands, enabling unauthorized real‑time MQTT subscriptions (CVE-2026-33356), publicly accessible motion‑alert images on Alibaba OSS (CVE-2026-33359), and hardcoded/shared cryptographic keys and credentials (CVE-2026-33362); thousands of images were reportedly accessed and the incident highlights systemic IoT supply-chain and backend infrastructure risks and the need for patching, credential rotation, network segmentation, and vendor evaluation.