CVE-2026-1223

MEDIUM

PrismX MX100 AP - Privilege Escalation

Title source: llm

Description

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.

References (2)

[Various Sources] https://www.twcert.org.tw/en/cp-139-10643-2f8d7-2.html

[Various Sources] https://www.twcert.org.tw/tw/cp-132-10642-3b808-1.html

Scores

CVSS v3 4.9

EPSS 0.0005

EPSS Percentile 14.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status draft

Timeline

Published Jan 20, 2026

Tracked Since Feb 18, 2026