VYPR

Wic

by Massive Entertainment

CVEs (3)

  • CVE-2026-2248CriFeb 11, 2026
    risk 0.64cvss 9.8epss 0.01

    METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results…

  • CVE-2026-2250HigFeb 11, 2026
    risk 0.49cvss 7.5epss 0.00

    The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing…

  • CVE-2008-6713Apr 10, 2009
    risk 0.04cvss epss 0.08

    World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference.