Massive Security Flaw Exposes 1.1 Million Baby Monitors to Hackers

Massive Security Flaw Exposes 1.1 Million Baby Monitors to Hackers

First seen 14 May 2026, 03:02 UTC ThevergeCybernews 76% similarity 72.5

Article Content

Browse articles
ThreatCluster

A security researcher discovered critical vulnerabilities in baby monitors and security cameras using Meari Technology's platform, affecting up to 1.1 million devices globally. The flaws allow unauthorized users to access live data streams and stored images from these cameras without authentication. The vulnerabilities stem from design issues in the MQTT broker system and insecure storage practices on Alibaba Cloud. Notable brands impacted include Wyze, Intelbras, and Petcube. The researcher, Sammy Azdoufal, found that many devices still used default passwords, making them easy targets. The vulnerabilities were disclosed on May 11, 2026, and have been tracked by CISA. Meari Technology has begun addressing these issues after being alerted by Azdoufal. The situation highlights significant risks in the IoT sector, particularly for consumer devices.

Key Points: • 1.1 million devices are vulnerable due to flaws in Meari Technology's platform. • Unauthorized users can access live feeds and stored images without authentication. • Major brands like Wyze and Petcube are affected by these security issues.

ThreatCluster AI

Timeline

2026-05-11
CVE-2026-33357 published
A vulnerability allows unauthorized access to device information via a static OpenAPI key.
Cybernews
2026-05-11
CVE-2026-33359 published
The MQTT broker vulnerability enables users to receive data streams from other people's cameras.
Cybernews
2026-05-11
CVE-2026-33361 published
A vulnerability related to image storage exposes motion-triggered snapshots to public access.
Cybernews
2026-05-11
CVE-2026-33362 published
Additional vulnerabilities were disclosed, reflecting systemic design flaws in the devices.
Cybernews
Recent
Meari Technology begins addressing vulnerabilities
After being alerted by researcher Sammy Azdoufal, Meari has started to patch the security flaws.
Theverge

Community

Browse all →