CVE-2026-2248
CRITICALMETIS WIC <= oscore 2.1.234-r18 - RCE
Title source: llmDescription
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt device operations
Exploits (1)
github
WORKING POC
10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-2248
Scores
CVSS v3
9.8
EPSS
0.0026
EPSS Percentile
49.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-306
CWE-287
Status
draft
Timeline
Published
Feb 11, 2026
Tracked Since
Feb 18, 2026