CVE-2026-2248 in WIC
Summary
by MITRE • 02/11/2026
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt device operations
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 02/11/2026
The vulnerability identified as CVE-2026-2248 affects METIS WIC devices running software versions up to and including oscore 2.1.234-r18 where a critical security flaw exists in the device's web interface implementation. This flaw manifests through an unauthenticated web-based shell exposed at the /console endpoint, representing a severe design oversight that fundamentally undermines the device's security posture. The vulnerability directly violates security principles of least privilege and authentication enforcement, creating an immediate and severe risk for all affected installations.
The technical nature of this vulnerability stems from improper access control implementation within the device's web server component, specifically allowing unrestricted access to a command execution interface without any form of authentication verification. This flaw falls under the CWE-284 access control weakness category, where the system fails to properly restrict access to privileged functions. The /console endpoint serves as a direct conduit for operating system command execution, bypassing all normal security controls and authentication mechanisms that should normally protect such sensitive interfaces. When exploited, this vulnerability provides attackers with root-level privileges, effectively granting them complete control over the device's operating system and all its resources.
The operational impact of this vulnerability is catastrophic for any organization relying on these devices, as it enables complete system compromise without requiring any authentication credentials or network access privileges. Remote attackers can leverage this vulnerability to execute arbitrary commands with UID 0 privileges, allowing them to modify system configurations, access sensitive data, install malware, or disrupt device operations entirely. The implications extend beyond simple unauthorized access, as attackers can potentially use this entry point to establish persistent backdoors, escalate privileges further within network environments, or use the compromised device as a launching point for attacks against other systems. This vulnerability essentially transforms the affected devices from security assets into potential attack vectors that can be exploited from anywhere on the internet.
Organizations must immediately implement mitigation strategies to address this vulnerability, beginning with disabling or securing the /console endpoint if it is not required for legitimate operational purposes. Network segmentation and firewall rules should be implemented to restrict access to these devices from untrusted networks, while also ensuring that any exposed web interfaces are properly secured with strong authentication mechanisms. The device firmware should be updated to the latest available version that contains patches for this vulnerability, and administrators should conduct thorough security audits to identify any potential compromise that may have already occurred. Additionally, implementing network monitoring solutions that can detect unusual command execution patterns or unauthorized access attempts to these endpoints will help in early detection and response to potential exploitation attempts. This vulnerability highlights the critical importance of proper access control implementation and regular security assessments to prevent such severe security flaws from being exposed in production environments.