CVE-2026-2248

Name of the Vulnerable Software and Affected Versions METIS WIC versions oscore 2.1.234-r18 and earlier

Description METIS WIC devices expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges, resulting in full system compromise. This allows unauthorized access to modify system configuration, read sensitive data, or disrupt device operations.

Recommendations Versions prior to oscore 2.1.234-r18 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.