Description

METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt device operations

INFO

Published Date :

2026-02-11T14:15:42.961Z

Last Modified :

2026-02-12T15:20:05.979Z

Source :

MHV
AFFECTED PRODUCTS

The following products are affected by CVE-2026-2248 vulnerability.

Vendors Products
Metis Cyberspace Technology Sa
  • Metis Wic
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2248.

URL Resource
https://cydome.io/vulnerability-advisory-cve-2026-2248-unauthenticated-remote-root-shell-in-metis-wic cve-icon cve-icon
https://www.metis.tech/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact