CVE-2026-27850
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2Description
Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Analysis
Misconfigured firewall rules in Meraki MR9600 (1.0.4.205530) and MX4200 (1.0.13.210200) routers accept WAN connections on source port 5222, allowing unauthenticated remote attackers to access services normally restricted to the local network. An attacker can leverage this to gain unauthorized access to sensitive internal services and information. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all MR9600 (v1.0.4.205530) and MX4200 (v1.0.13.210200) devices and isolate affected units from production if possible; implement emergency firewall rules blocking inbound WAN traffic on port 5222. Within 7 days: Deploy network segmentation to restrict WAN-accessible services; implement monitoring and logging for suspicious port 5222 connections; conduct threat assessment for potential compromise. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today