OTPulse
FeedAboutContact

CloudEdge Online Cameras and App

Monitor7.5ICS-CERT ICSA-25-294-05Oct 21, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Improper input validation in CloudEdge App (version 4.4.2) and connected CloudEdge cameras allows an unauthenticated attacker with network access to gain unauthorized access to live video feeds and camera control functions. The vulnerability is due to insufficient validation of user-supplied input. CloudEdge and parent company Meari Technologies have not responded to CISA coordination attempts and no patch is available.

What this means
What could happen
An attacker could access live video feeds from CloudEdge cameras and control camera functions, potentially enabling surveillance of critical infrastructure sites or monitoring of sensitive operational areas.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using CloudEdge cameras for site surveillance or perimeter monitoring should be concerned. Any organization with CloudEdge App version 4.4.2 or reliant on the connected cameras for monitoring operations or security.
How it could be exploited
An attacker on the network can exploit an improper input validation vulnerability to gain unauthorized access to the camera and its video stream. If the CloudEdge App or camera is exposed to the internet or reachable from an untrusted network, the attacker needs only network access to port/service—no authentication or user interaction required.
Prerequisites
  • Network connectivity to the CloudEdge App or camera
  • Camera or app accessible from attacker's network segment (no authentication required)
Remotely exploitableNo authentication requiredLow complexity exploitationNo patch availableAffects surveillance and monitoring systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
CloudEdge App: 4.4.24.4.2No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict network access to CloudEdge cameras and app—place them behind a firewall and isolate from the internet and business networks
HARDENINGIf remote access to cameras is required, implement VPN access with current security patches and strong authentication
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact CloudEdge or Meari Technologies to request security updates or patches for CloudEdge App
Mitigations - no patch available
0/1
CloudEdge App: 4.4.2 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGPerform network segmentation to ensure CloudEdge devices are on a separate, protected control system network
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/8c5e2e00-0b8e-4026-bcd2-1501dd7e43e5
CloudEdge Online Cameras and App | CVSS 7.5 - OTPulse