Metis Cyberspace Technology Sa Metis Wic vulnerabilities
2 known vulnerabilities affecting metis_cyberspace_technology_sa/metis_wic.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-2248P2CRITICALCVSS 9.8voscore 2.1.234-r182026-02-11
CVE-2026-2248 [CRITICAL] CWE-287 CVE-2026-2248: METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system
nvd
CVE-2026-2250P3HIGHCVSS 7.5voscore 2.1.234-r182026-02-11
CVE-2026-2250 [HIGH] CWE-215 CVE-2026-2250: The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacke
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to return verbose Django tracebacks that disclose backend
nvd