CVE-2026-1221
Use of Hardcoded Credentials in PrismX MX100 AP Controller Allows Remote Access
Publication date: 2026-01-20
Last updated on: 2026-01-20
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| browan_communications | prismx_mx100_ap_controller | to 1.03.23.01 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1221 is a critical vulnerability in the PrismX MX100 AP controller where hard-coded database credentials are embedded in the device's firmware. This allows unauthenticated remote attackers to log into the device's database without needing any authentication, exploiting these fixed credentials. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows attackers to remotely access the database without authentication, potentially leading to full compromise of the device's confidentiality, integrity, and availability. Attackers could steal sensitive data, modify or delete information, or disrupt device operations. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the PrismX MX100 AP controller firmware to version 1.03.23.01 or later. [1, 2]