CVE-2026-1223

MEDIUM

PrismX MX100 AP - Privilege Escalation

Title source: llm

Description

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.

References (2)

[Various Sources] https://www.twcert.org.tw/tw/cp-132-10642-3b808-1.html

[Various Sources] https://www.twcert.org.tw/en/cp-139-10643-2f8d7-2.html

Scores

CVSS v3 4.9

EPSS 0.0005

EPSS Percentile 15.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522

Status published

Products (1)

BROWAN COMMUNICATIONS/PrismX MX100 AP controller < 1.03.23.01

Published Jan 20, 2026

Tracked Since Feb 18, 2026