216.73.216.75

CVE-2026-33357

· Published 11/05/2026 17:16 · Modified 11/05/2026 17:16

Labels: CVE-2026-33357 2026-05-1144488dab-36db-4358-99f9-bc116477f914CVE-2026-33357CWE-862

Essential information

Published
11/05/2026 17:16
Modified
11/05/2026 17:16
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

In Meari client applications embedding "com.meari.sdk" (including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label <= 1.8.x), the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side authorization failure in "GET /openapi/device/status".

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
44488dab-36db-4358-99f9-bc116477f914
NVD
View on NVD

Affected products (CPE)

ProductCPE
meari / meari sdk cpe:2.3:a:meari:meari_sdk:*:*:*:*:*:*:*:*
meari / cloudedge cpe:2.3:a:meari:cloudedge:5.5.0:220:*:*:*:*:*:*
meari / arenti cpe:2.3:a:meari:arenti:1.8.1:220:*:*:*:*:*:*

References