Skip to main content

Radiflow iSAP Smart Collector CVE-2026-22312

| EUVDEUVD-2026-37199 HIGH
Use of Hard-coded Credentials (CWE-798)
2026-06-16 ENISA GHSA-rjmc-8p4f-6f8p
8.6
CVSS 3.1 · Vendor: ENISA
Share

Severity by source

Vendor (ENISA) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
vuln.today AI
8.6 HIGH

Network-reachable REST API authenticated by a hardcoded constant token (PR:N, AC:L); attacker can read and modify configuration (C:L/I:H) and trigger reboots (A:L).

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (ENISA).

CVSS VectorVendor: ENISA

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Jun 16, 2026 - 19:46 vuln.today
CVE Published
Jun 16, 2026 - 18:19 cve.org
HIGH 8.6

DescriptionCVE.org

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).

AnalysisAI

Authentication bypass in Radiflow iSAP Smart Collector exposes a REST API protected only by a hardcoded constant token, allowing remote attackers to read system settings, modify device configuration, and trigger commands such as a system reboot. The constant token effectively negates authentication, making the API exploitable by anyone who can reach the device's web server. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach device web server on OT network
Delivery
Send REST API request with hardcoded token
Exploit
Bypass authentication on management endpoints
Execution
Read system configuration
Persist
Modify settings or invoke reboot command
Impact
Disrupt OT telemetry collection

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the iSAP Smart Collector's web server and knowledge of the hardcoded REST API token embedded in firmware; once both are met, no user interaction, no valid user account, and no special device configuration are needed because the static token is the only authentication factor on the API. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L describes remote, unauthenticated, low-complexity exploitation with high integrity impact, which is consistent with a hardcoded-token API: the attacker needs only network reachability to the device. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to the OT or management segment hosting the iSAP Smart Collector - for example via a pivot from an IT/OT bridge or a compromised engineering workstation - sends REST API requests carrying the known constant token, reads the current configuration, and then issues a configuration change or reboot command to disrupt telemetry collection or weaken downstream monitoring. Because the token is static across devices, a single recovery from firmware analysis or vendor documentation enables exploitation against every deployment. …
Remediation No vendor-released patch identified at time of analysis based on the supplied references, so the primary action is to contact Radiflow for a firmware update that removes or replaces the hardcoded API token with per-device credentials, and to monitor https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22312 for advisory updates. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Immediately identify all iSAP Smart Collector instances and isolate from untrusted networks using firewall rules; disable the REST API if not operationally required. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-22312 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy