BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller – Insufficiently Protected Credentials

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.

Basic Information

ID CVE-2026-1223

Source twcert

Published Jan 20, 2026 at 06:35

Modified Jan 20, 2026 at 06:50

Affected Product

Vendor BROWAN COMMUNICATIONS

Product PrismX MX100 AP controller

Affected Versions BROWAN COMMUNICATIONS PrismX MX100 AP controller 0

CWE Classification

CWE-522

References

{
    "lastseen": "",
    "description": "PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.",
    "published": "2026-01-20T06:35:17.742Z",
    "modified": "2026-01-20T06:50:45.440Z",
    "type": "cve",
    "title": "BROWAN COMMUNICATIONS \uff5cPrismX MX100 AP controller - Insufficiently Protected Credentials",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10642-3b808-1.html\nhttps://www.twcert.org.tw/en/cp-139-10643-2f8d7-2.html",
    "id": "CVE-2026-1223",
    "bulletinFamily": "",
    "cwe": [
        "CWE-522"
    ],
    "cvelist": null,
    "sourceData": "BROWAN COMMUNICATIONS PrismX MX100 AP controller 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PrismX MX100 AP controller",
    "version": "0",
    "vendor": "BROWAN COMMUNICATIONS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller – Insufficiently Protected Credentials_CVE-2026-1223