Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

METIS Cyberspace Technology SA

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2026-2249
Assigner-56a186b1-7f5e-4314-ba38-38d5499fccfd
ShareView Details
Assigner-56a186b1-7f5e-4314-ba38-38d5499fccfd
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-11 Feb, 2026 | 14:16
Updated-12 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Remote Command Execution via Web Console in METIS DFS

METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services.

Action-Not Available
Vendor-METIS Cyberspace Technology SA
Product-METIS DFS
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-2248
Assigner-56a186b1-7f5e-4314-ba38-38d5499fccfd
ShareView Details
Assigner-56a186b1-7f5e-4314-ba38-38d5499fccfd
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-11 Feb, 2026 | 14:15
Updated-12 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Remote Root Shell Access via Web Console in METIS WIC

METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt device operations

Action-Not Available
Vendor-METIS Cyberspace Technology SA
Product-METIS WIC
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-2250
Assigner-56a186b1-7f5e-4314-ba38-38d5499fccfd
ShareView Details
Assigner-56a186b1-7f5e-4314-ba38-38d5499fccfd
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-11 Feb, 2026 | 14:13
Updated-12 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to return verbose Django tracebacks that disclose backend source code, local file paths, and system configuration.

Action-Not Available
Vendor-METIS Cyberspace Technology SA
Product-METIS WIC
CWE ID-CWE-215
Insertion of Sensitive Information Into Debugging Code
CWE ID-CWE-284
Improper Access Control