CVE-2026-2250
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to access and export the internal telemetry SQLite database containing sensitive operational data from METIS WIC devices via the /dbviewer/ web endpoint. It also exposes backend source code and system configuration through verbose Django debug tracebacks when malformed requests are sent. Affected systems are METIS WIC devices with the vulnerable configuration enabled.
💻 Affected Systems
- METIS WIC devices
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers exfiltrate sensitive operational data, leading to operational disruption, intellectual property theft, or further attacks using disclosed information.
Likely Case
Unauthorized access to sensitive telemetry data and exposure of backend code, potentially enabling reconnaissance for additional vulnerabilities.
If Mitigated
Limited impact if authentication is enforced and debug mode is disabled, preventing data access and information disclosure.
🎯 Exploit Status
Exploitation is straightforward via web requests to the exposed endpoint without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://www.metis.tech/
Restart Required: No
Instructions:
Check vendor advisory for updates; if none, implement workarounds such as disabling the endpoint and debug mode.
🔧 Temporary Workarounds
Disable /dbviewer/ endpoint
Platform: all. Remove or restrict access to the /dbviewer/ web endpoint to prevent unauthorized database access.
# Example: Use web server config (e.g., Apache/Nginx) to block /dbviewer/
# In Apache 2.4: <Location "/dbviewer/"> Require all denied </Location>
# (Apache 2.2 syntax: Order deny,allow / Deny from all)
# In Nginx: location /dbviewer/ { deny all; }
Disable Django debug mode
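Platform: all. Set DEBUG = False in Django settings to prevent verbose tracebacks from exposing sensitive information.
# In Django settings.py: DEBUG = False
# With DEBUG = False, ALLOWED_HOSTS must list the device's hostnames/IPs, otherwise Django rejects every request
# Restart the application after change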
🧯 If You Can't Patch
- Implement network access controls to restrict access to the /dbviewer/ endpoint from untrusted networks.
- Monitor logs for unauthorized access attempts to the endpoint and enable alerting for suspicious activities.
🔍 How to Verify
Check if Vulnerable:
Send a web request to http://<device_ip>/dbviewer/; if it returns database data or a response without authentication, it is vulnerable. Also, send a malformed request to check for Django debug tracebacks.
Check Version:
Not specified; check device documentation or vendor resources for version information.
Verify Fix Applied:
After applying workarounds, verify that accessing /dbviewer/ returns an error or is blocked, and malformed requests no longer show verbose tracebacks.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /dbviewer/ endpoint from unauthorized IPs
- Django debug traceback logs in application logs
Network Indicators:
- Unusual traffic patterns to /dbviewer/ endpoint
- SQLite database export requests
SIEM Query:
Example: source="web_logs" AND url="/dbviewer/" AND response_status=200
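The log indicators above can also be checked offline against a reverse-proxy access log. The following is an added example, not code from the vendor or from this advisory: it assumes common/combined log format, a hypothetical management-network allowlist, and constructed sample lines.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: networks allowed to reach the device UI (hypothetical value).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Common/combined access log format, as written by Nginx or Apache.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_allowed(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:  # hostname or garbage in the client field: not trusted
        return False
    return any(addr in net for net in ALLOWED_NETS)

def scan(lines, prefix="/dbviewer"):
    """Per-IP counts of /dbviewer/ requests from outside the allowlist."""
    findings = defaultdict(lambda: {"hits": 0, "served": 0, "bytes": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if path != prefix and not path.startswith(prefix + "/"):
            continue
        if is_allowed(m["ip"]):
            continue
        f = findings[m["ip"]]
        f["hits"] += 1
        if m["status"].startswith("2"):  # endpoint answered without being blocked
            f["served"] += 1
            f["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return dict(findings)

# Constructed sample lines (documentation IP ranges), not from a real device.
SAMPLE = [
    '10.20.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /dbviewer/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2026:10:01:00 +0000] "GET /dbviewer/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2026:10:01:05 +0000] "GET /dbviewer/ HTTP/1.1" 200 1048576',
    '198.51.100.9 - - [01/Jan/2026:10:02:00 +0000] "GET /dbviewer/ HTTP/1.1" 403 162',
    '203.0.113.7 - - [01/Jan/2026:10:03:00 +0000] "GET /status HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for ip, f in scan(SAMPLE).items():
        print("ALERT" if f["served"] else "probe", ip, f)
```

An entry with `served` above zero means the endpoint returned content to an address outside the allowlist; a large `bytes` total is consistent with a database export. Entries with only blocked hits show the workaround is holding.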