METIS WIC Devices Web-Based Shell Vulnerability Allowing Root Command Execution

Vulnerability

A vulnerability exists in METIS WIC devices running OSCORE versions through 2.1.234-r18. These devices expose a web-based shell at the '/console' endpoint, which lacks authentication. This vulnerability allows remote attackers to execute arbitrary operating system commands with root privileges, leading to a complete system compromise. Exploitation of this issue could result in unauthorized access to modify system configurations, access sensitive data, or disrupt device operations.

Impact

Exploitation of this vulnerability allows for arbitrary command execution with root privileges, resulting in full system compromise.

Added: Feb 11, 2026, 3:42 PM

Updated: Feb 11, 2026, 3:42 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.0

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.0

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

METIS WIC Devices Web-Based Shell Vulnerability Allowing Root Command Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating