METIS WIC Devices Unauthenticated Database Access Vulnerability

Vulnerability

A vulnerability exists in METIS WIC devices, where the /dbviewer/ web endpoint is accessible without authentication. This flaw allows remote attackers to access and export the internal telemetry SQLite database, which contains sensitive operational data. Furthermore, the application runs in debug mode, causing malformed requests to generate detailed Django error messages that reveal backend source code, local file paths, and system configuration.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive operational data stored in the telemetry SQLite database. Additionally, the debug mode exposure could allow attackers to gain insights into the application's backend, potentially facilitating further attacks.

Added: Feb 11, 2026, 3:40 PM

Updated: Feb 11, 2026, 3:40 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

METIS WIC Devices Unauthenticated Database Access Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating