CVE-2026-2248
📋 TL;DR
METIS WIC devices with firmware versions up to oscore 2.1.234-r18 expose an unauthenticated web-based shell at the /console endpoint. This allows remote attackers to execute arbitrary operating system commands with root privileges, leading to complete system compromise. All organizations using affected METIS WIC devices are vulnerable.
💻 Affected Systems
- METIS WIC devices
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system takeover: attacker gains persistent root access, exfiltrates all sensitive data, modifies device firmware, uses device as pivot point into internal networks, or bricks the device entirely.
Likely Case
Unauthorized access to device configuration and sensitive data, installation of backdoors or malware, disruption of device operations, and potential lateral movement to connected systems.
If Mitigated
If network segmentation and strict access controls are in place, impact may be limited to the compromised device only, preventing lateral movement and data exfiltration.
🎯 Exploit Status
Exploitation requires only a web browser or a curl command to reach the /console endpoint and execute commands. No special tools or skills are needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown - check vendor for updates
Vendor Advisory: https://www.metis.tech/
Restart Required: Yes
Instructions:
1. Contact METIS vendor for patched firmware version.
2. Backup device configuration.
3. Apply firmware update following vendor instructions.
4. Verify /console endpoint is no longer accessible without authentication.
🔧 Temporary Workarounds
Network Access Control
Linux: Restrict network access to METIS WIC devices using firewall rules to only allow connections from authorized management systems.
iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
Web Server Configuration
All platforms: Block access to /console endpoint using web server configuration if device allows custom configuration.
location /console { deny all; return 403; }
🧯 If You Can't Patch
- Isolate affected devices in separate VLAN with strict firewall rules allowing only necessary traffic
- Implement network monitoring and intrusion detection specifically for traffic to/from METIS WIC devices
🔍 How to Verify
Check if Vulnerable:
Open the device IP in a browser: http://[device_ip]/console - if you see a command shell interface without an authentication prompt, the device is vulnerable.
Check Version:
Check device web interface or use: curl -s http://[device_ip]/api/version (if API available)
Verify Fix Applied:
Attempt to access http://[device_ip]/console - the request should return a 403/404 error or require authentication. Verify firmware version is > oscore 2.1.234-r18.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /console endpoint
- Unusual command execution patterns in system logs
- Multiple failed authentication attempts followed by /console access
Network Indicators:
- HTTP GET/POST requests to /console endpoint from unexpected sources
- Unusual outbound connections from METIS device
SIEM Query:
source="metis_device" AND (url="/console" OR url CONTAINS "console")
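The log and network indicators above can be checked offline against web access logs. The following is an added example, not code from this advisory or from the vendor: it flags requests to /console, separates blocked responses (401/403/404) from served ones, and raises severity when the source is outside a management allowlist. It assumes common/combined access-log format; the management subnet and the sample lines are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: common/combined access-log format (device web server or a proxy in front).
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def is_console_path(target):
    """True for /console and anything below it; ignores query, case, //, %-encoding."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path).rstrip("/").lower()
    return path == "/console" or path.startswith("/console/")

def classify(line, mgmt_nets):
    """Return (severity, src, method, status) for a /console request, else None."""
    m = LOG_RE.match(line)
    if not m or not is_console_path(m["target"]):
        return None
    try:
        trusted = any(ipaddress.ip_address(m["src"]) in net for net in mgmt_nets)
    except ValueError:  # hostname or malformed source field: treat as untrusted
        trusted = False
    status = int(m["status"])
    if status in (401, 403, 404):
        severity = "info"      # blocked or authentication required
    elif trusted:
        severity = "review"    # served, but to an authorized management host
    else:
        severity = "critical"  # served to a source outside the allowlist
    return severity, m["src"], m["method"], status

def scan(lines, mgmt_cidrs):
    """Classify every /console request in an iterable of log lines."""
    nets = [ipaddress.ip_network(c) for c in mgmt_cidrs]
    return [hit for hit in (classify(line, nets) for line in lines) if hit]

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /console HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:01:00 +0000] "POST /console?x=1 HTTP/1.1" 200 128',
    '203.0.113.7 - - [01/Jan/2026:10:02:00 +0000] "GET /status/console-info HTTP/1.1" 200 64',
    '198.51.100.4 - - [01/Jan/2026:10:03:00 +0000] "GET /Console/ HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE, ["192.0.2.0/24"]):  # hypothetical management subnet
        print(hit)
```

Unlike the substring match in the SIEM query, this matches only the /console path itself, so unrelated URLs that merely contain "console" are not reported.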