CVE-2026-1221
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware.
AnalysisAI
PrismX MX100 AP controller by BROWAN has hard-coded credentials that allow remote attackers to gain full administrative access to the wireless network controller.
Technical ContextAI
The PrismX MX100 wireless access point controller contains CWE-798 hard-coded credentials that cannot be changed by administrators. Any attacker who discovers these credentials gains full administrative access.
Affected ProductsAI
BROWAN PrismX MX100 AP controller
RemediationAI
Contact BROWAN for firmware update. Restrict management interface access. Monitor for unauthorized configuration changes.
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today