CVE-2026-2248 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

METIS WIC devices (versions
Critical CVSS: 9.8

CVE-2026-2248

METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt device operations
Vendor
-
Product
-
CWE
CWE-287
Yayın Tarihi
2026-02-11 15:16:17
Güncelleme
2026-02-12 16:16:18
Source Identifier
56a186b1-7f5e-4314-ba38-38d5499fccfd
KEV Date Added
-

Kategoriler

CWE-287 CRITICAL 2026

Referanslar

https://cydome.io/vulnerability-advisory-cve-2026-2248-unauthenticated-remote-root-shell-in-metis-wic https://www.metis.tech/