CVE-2026-2248

CRITICAL
2026-02-11 56a186b1-7f5e-4314-ba38-38d5499fccfd
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 11, 2026 - 15:16 nvd
CRITICAL 9.8

Tags

Authentication Bypass Information Disclosure RCE

Description

METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt device operations

Analysis

Unauthenticated web shell in METIS WIC devices (versions <= oscore 2.1.234-r18). The /console endpoint provides shell access without authentication. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all METIS WIC devices in your environment and document their firmware versions; isolate affected devices from production networks if possible and restrict network access to the /console endpoint. Within 7 days: Implement network-level compensating controls (WAF rules, segmentation, access restrictions) and increase monitoring for suspicious activity on these devices. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

49
Low Medium High Critical
KEV: 0
EPSS: +0.3
CVSS: +49
POC: 0

Share

CVE-2026-2248 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy