CVE-2026-1221
Published: 20 January 2026
Description
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware.
Mitigating Controls (NIST 800-53 r5) (AI)
SI-2 requires timely identification, reporting, and correction of flaws like hardcoded credentials through vendor firmware updates.
IA-5 mandates secure management of authenticators, directly prohibiting the embedding of hardcoded database credentials in firmware.
SA-8 applies security engineering principles during system development to prevent vulnerabilities such as hardcoded credentials in firmware.
Security Summary (AI)
CVE-2026-1221 is a Use of Hard-coded Credentials vulnerability (CWE-798) affecting the PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS. The flaw involves hardcoded database credentials stored in the firmware, which unauthenticated remote attackers can exploit to log in to the database. Published on 2026-01-20, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and potential for high-impact confidentiality, integrity, and availability disruptions.
Unauthenticated remote attackers can exploit this vulnerability over the network without privileges or user interaction. Successful exploitation grants database login access via the hardcoded credentials, enabling attackers to potentially read sensitive data, modify database contents, or disrupt services, aligning with the high impact ratings across confidentiality, integrity, and availability.
Advisories from TWCERT/CC detail the issue, available at https://www.twcert.org.tw/en/cp-139-10643-2f8d7-2.html and https://www.twcert.org.tw/tw/cp-132-10642-3b808-1.html. Security practitioners should consult these for recommended mitigations, such as firmware updates or credential rotation if available from the vendor.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Hardcoded credentials enable the use of default accounts (T1078.001) for unauthenticated remote database login. Because the vulnerability is in a public-facing network device, it also facilitates initial access via exploitation (T1190).