Critical severity9.8NVD Advisory· Published Feb 11, 2026· Updated Apr 15, 2026
CVE-2026-2248
CVE-2026-2248
Description
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt device operations
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <= oscore 2.1.234-r18
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.