Or Balog

**Name of the Vulnerable Software and Affected Versions** METIS WIC versions oscore 2.1.234-r18 and earlier **Description** METIS WIC devices expose a web-based shell at the `/console` endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges, resulting in full system compromise. This allows unauthorized access to modify system configuration, read sensitive data, or disrupt device operations. **Recommendations** Versions prior to oscore 2.1.234-r18 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** METIS DFS versions prior to oscore 2.1.234-r18 **Description** METIS DFS devices expose a web-based shell at the `/console` endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges, resulting in the compromise of the software and granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services. **Recommendations** For versions prior to oscore 2.1.234-r18, restrict access to the `/console` endpoint. For versions prior to oscore 2.1.234-r18, disable the web-based shell if it is not required.

**Name of the Vulnerable Software and Affected Versions** METIS WIC devices (affected versions not specified) **Description** The `/dbviewer/` web endpoint is accessible without authentication, allowing a remote attacker to access and export the internal telemetry SQLite database, which contains sensitive operational data. Debug mode is enabled, resulting in verbose Django tracebacks for malformed requests. These tracebacks reveal backend source code, local file paths, and system configuration details. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.