CVE 8.6 HIGH

BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller – Arbitrary File Upload_CVE-2026-1222

January 20, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AI Analysis

Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors

Basic Information

ID CVE-2026-1222

Source twcert

Published Jan 20, 2026 at 06:30

Affected Product

Vendor BROWAN COMMUNICATIONS

Product PrismX MX100 AP controller

Affected Versions BROWAN COMMUNICATIONS PrismX MX100 AP controller 0

CWE Classification

CWE-434

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor BROWAN COMMUNICATIONS

Product PrismX MX100 AP controller

References

{
    "lastseen": "",
    "description": "PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2026-01-20T06:30:52.946Z",
    "modified": "2026-01-20T06:30:52.946Z",
    "type": "cve",
    "title": "BROWAN COMMUNICATIONS \uff5cPrismX MX100 AP controller - Arbitrary File Upload",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10642-3b808-1.html\nhttps://www.twcert.org.tw/en/cp-139-10643-2f8d7-2.html",
    "id": "CVE-2026-1222",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "BROWAN COMMUNICATIONS PrismX MX100 AP controller 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PrismX MX100 AP controller",
    "version": "0",
    "vendor": "BROWAN COMMUNICATIONS",
    "ai_description": "Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors",
    "ai_severity": "High",
    "ai_vendor": "BROWAN COMMUNICATIONS",
    "ai_product": "PrismX MX100 AP controller",
    "ai_version": "0",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply