CVE-2026-2250 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite databa…
High CVSS: 7.5

CVE-2026-2250

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to return verbose Django tracebacks that disclose backend source code, local file paths, and system configuration.
Vendor
-
Product
-
CWE
CWE-215
Yayın Tarihi
2026-02-11 15:16:17
Güncelleme
2026-02-12 16:16:18
Source Identifier
56a186b1-7f5e-4314-ba38-38d5499fccfd
KEV Date Added
-

Kategoriler

CWE-215 HIGH 2026

Referanslar

https://cydome.io/vulnerability-advisory-cve-2026-2250-unauthenticated-data-exfilteration-and-information-disclosure-in-metis-wic-wireless-intelligent-collector https://www.metis.tech/