Massive Security Flaw Exposes 1.1 Million Baby Monitors to Hackers

Severity: High (Score: 72.5)

Sources: Theverge, Cybernews

Summary

A security researcher discovered critical vulnerabilities in baby monitors and security cameras using Meari Technology's platform, affecting up to 1.1 million devices globally. The flaws allow unauthorized users to access live data streams and stored images from these cameras without authentication. The vulnerabilities stem from design issues in the MQTT broker system and insecure storage practices on Alibaba Cloud. Notable brands impacted include Wyze, Intelbras, and Petcube. The researcher, Sammy Azdoufal, found that many devices still used default passwords, making them easy targets. The vulnerabilities were disclosed on May 11, 2026, and have been tracked by CISA. Meari Technology has begun addressing these issues after being alerted by Azdoufal. The situation highlights significant risks in the IoT sector, particularly for consumer devices. Key Points: • 1.1 million devices are vulnerable due to flaws in Meari Technology's platform. • Unauthorized users can access live feeds and stored images without authentication. • Major brands like Wyze and Petcube are affected by these security issues.

Key Entities

• Data Breach (attack_type)
• Meari Technology (company)
• Alibaba Cloud (company)
• Brazil (country)
• China (country)
• France (country)
• CVE-2026-33357 (cve)
• CVE-2026-33359 (cve)
• CVE-2026-33361 (cve)
• CVE-2026-33362 (cve)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-287 - Improper Authentication (cwe)
• CWE-798 - Use of Hard-coded Credentials (cwe)
• T1053 - Scheduled Task/Job (mitre_attack)
• T1110 - Brute Force (mitre_attack)
• T1203 - Exploitation for Client Execution (mitre_attack)
• T1552.001 - Credentials In Files (mitre_attack)
• Android (platform)
• CloudEdge (platform)
• EMQX (platform)