Wic
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2248 | Cri | 0.64 | 9.8 | 0.01 | Feb 11, 2026 | METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results… | ||
| CVE-2026-2250 | Hig | 0.49 | 7.5 | 0.00 | Feb 11, 2026 | The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing… | ||
| CVE-2008-6713 | 0.04 | — | 0.08 | Apr 10, 2009 | World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference. |
- risk 0.64cvss 9.8epss 0.01
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results…
- risk 0.49cvss 7.5epss 0.00
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing…
- CVE-2008-6713Apr 10, 2009risk 0.04cvss —epss 0.08
World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference.