VYPR
Vendor

Massive Entertainment

Products
3
CVEs
6
Across products
6
Status
Private

Products

3

Recent CVEs

6
  • CVE-2026-2248CriFeb 11, 2026
    risk 0.64cvss 9.8epss 0.01

    METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results…

  • CVE-2026-2250HigFeb 11, 2026
    risk 0.49cvss 7.5epss 0.00

    The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing…

  • CVE-2008-6713Apr 10, 2009
    risk 0.04cvss epss 0.08

    World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference.

  • CVE-2004-1751Aug 26, 2004
    risk 0.03cvss epss 0.03

    Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error.

  • CVE-2007-5711Oct 30, 2007
    risk 0.00cvss epss 0.02

    Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000.

  • CVE-2007-5369Oct 11, 2007
    risk 0.00cvss epss 0.03

    The GetMagicNumberString function in Massive Entertainment World in Conflict 1.000 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a string to the VoIP port (52999/tcp) with an invalid value in the third byte.