Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC
Vulnerability Description
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to return verbose Django tracebacks that disclose backend source code, local file paths, and system configuration.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
METIS WIC 安全漏洞
Vulnerability Description
METIS WIC是希腊METIS公司的一个红外测温仪的窗口界面配置软件。 METIS WIC存在安全漏洞,该漏洞源于/dbviewer/ Web端点未经身份验证即可访问,可能导致远程攻击者访问和导出包含敏感操作数据的内部遥测SQLite数据库,并因调试模式启用而泄露后端源代码等信息。
CVSS Information
N/A
Vulnerability Type
N/A