Description
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.
Published: 2026-01-20
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Credential Theft
Action: Apply Patch
AI Analysis

Impact

PrismX MX100 AP controller includes an Insufficiently Protected Credentials flaw that permits authenticated remote attackers with privileged access to harvest SMTP plaintext passwords via the web interface. This leads to unauthorized disclosure of credentials used for SMTP services. The weakness does not enable arbitrary code execution or denial of service but can compromise confidentiality of SMTP passwords and potentially allow attackers to relay mail, impersonate users, or compromise downstream systems.

Affected Systems

The impacted system is the BROWAN COMMUNICATIONS PrismX MX100 AP controller. No specific firmware versions are enumerated in the advisory, so the risk applies across the product line until an official firmware update is applied.

Risk and Exploitability

The CVSS score of 6.9 labels the issue as medium severity, and the EPSS score below 1% indicates a low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires remote authentication via the web console; an attacker who has logged in with privileged credentials can then download the SMTP plaintext passwords. Therefore, mitigation should focus on patching and network segmentation.

Generated by OpenCVE AI on April 18, 2026 at 04:47 UTC.

Remediation

Vendor Solution

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.

OpenCVE Recommended Actions

  • Deploy the latest firmware release that addresses the credentials disclosure flaw.
  • Restrict web‑interface access to trusted network segments or VPN only.
  • Enforce multi‑factor authentication for the web console.
  • Disable or encrypt the storage of SMTP credentials if possible.
  • Monitor web‑console logs for unexpected credential export activity.

Generated by OpenCVE AI on April 18, 2026 at 04:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 21 Jan 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Browan Communications
Browan Communications prismx Mx100 Ap Controller
Vendors & Products Browan Communications
Browan Communications prismx Mx100 Ap Controller

Tue, 20 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 20 Jan 2026 07:00:00 +0000

Type Values Removed Values Added
Description PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend. PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.

Tue, 20 Jan 2026 06:45:00 +0000

Type Values Removed Values Added
Description PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.
Title BROWAN COMMUNICATIONS |PrismX MX100 AP controller - Insufficiently Protected Credentials
Weaknesses CWE-522
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Browan Communications Prismx Mx100 Ap Controller
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-01-20T18:24:10.328Z

Reserved: 2026-01-20T05:44:57.775Z

Link: CVE-2026-1223

cve-icon Vulnrichment

Updated: 2026-01-20T18:24:07.450Z

cve-icon NVD

Status : Deferred

Published: 2026-01-20T07:15:50.473

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1223

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T05:00:06Z

Weaknesses