CVE-2026-2248 — CRITICAL (9.8)

Q: How severe is CVE-2026-2248?

CVE-2026-2248 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2026-2248?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.

Vulnerability Description

METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt device operations

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-306 CWE-287

References

FAQ

What is CVE-2026-2248?

CVE-2026-2248 is a vulnerability with a CVSS score of 9.8 (CRITICAL). METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute a...

How severe is CVE-2026-2248?

CVE-2026-2248 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-2248?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.