Description
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware.
Published: 2026-01-20
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Database Access via Hard‑coded Credentials
Action: Patch
AI Analysis

Impact

The PrismX MX100 AP controller contains hard-coded database credentials that allow unauthenticated remote attackers to log in to the internal database. This flaw enables attackers to read or modify configuration data and potentially exfiltrate or alter operational settings, compromising the confidentiality and integrity of all managed access points. The weakness is classified as Use of Hard-coded Credentials (CWE-798).

Affected Systems

All BROWAN COMMUNICATIONS PrismX MX100 AP controller firmware releases earlier than v1.03.23.01 are affected. The vulnerability is present in devices shipped with the default firmware that includes the hard‑coded credentials.

Risk and Exploitability

With a CVSS v4.0 score of 9.3 (9.8 under CVSS v3.1), the flaw is classified as critical. The EPSS score is reported below 1%, indicating that exploitation in the wild is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the weakness remotely by connecting to the device over the network; no special user privileges are required. Successful exploitation would give full read/write access to the device's database, enabling configuration tampering or information disclosure.

Generated by OpenCVE AI on April 18, 2026 at 04:47 UTC.

Remediation

Vendor Solution

Update firmware to version v1.03.23.01 or later.


OpenCVE Recommended Actions

  • Update the device firmware to version v1.03.23.01 or later, as the vendor recommends
  • Restrict network access to the PrismX MX100 AP controller, for example by blocking database ports from the public network or placing the device behind a firewall with strict access rules
  • Enable logging and continuously monitor for unusual database access attempts so that any exploitation can be detected promptly


Advisories

No advisories yet.

History

Wed, 21 Jan 2026 11:30:00 +0000

Values added (no values removed):
First Time appeared: Browan Communications; Browan Communications prismx Mx100 Ap Controller
Vendors & Products: Browan Communications; Browan Communications prismx Mx100 Ap Controller

Tue, 20 Jan 2026 20:15:00 +0000

Values added (no values removed):
Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 20 Jan 2026 06:45:00 +0000

Values added (no values removed):
Description: PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware.
Title: BROWAN COMMUNICATIONS | PrismX MX100 AP controller - Use of Hard-coded Credentials
Weaknesses: CWE-798
References
Metrics:
cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-01-20T20:04:39.035Z

Reserved: 2026-01-20T05:44:54.980Z

Link: CVE-2026-1221

Vulnrichment

Updated: 2026-01-20T20:04:33.345Z

NVD

Status: Deferred

Published: 2026-01-20T07:15:50.047

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1221

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T05:00:06Z

Weaknesses