CVE-2026-1221

Critical

Published: 20 January 2026

Published

20 January 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0013 31.4th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1221 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Org (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked at the 31.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SA-8 (Security and Privacy Engineering Principles).

Threat & Defense at a Glance

What attackers do: exploitation maps to Default Accounts (T1078.001) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely identification, reporting, and correction of flaws like hardcoded credentials through vendor firmware updates.

IA-5 Authenticator Management good match

prevent

IA-5 mandates secure management of authenticators, directly prohibiting the embedding of hardcoded database credentials in firmware.

SA-8 Security and Privacy Engineering Principles good match

prevent

SA-8 applies security engineering principles during system development to prevent vulnerabilities such as hardcoded credentials in firmware.

MITRE ATT&CK Enterprise TechniquesAI

T1078.001 Default Accounts Stealth

Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Hardcoded credentials enable use of default accounts (T1078.001) for unauthenticated remote database login; vulnerability in public-facing network device facilitates initial access via exploit (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware.

Deeper analysisAI

CVE-2026-1221 is a Use of Hard-coded Credentials vulnerability (CWE-798) affecting the PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS. The flaw involves hardcoded database credentials stored in the firmware, which unauthenticated remote attackers can exploit to log in to the database. Published on 2026-01-20, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and potential for high-impact confidentiality, integrity, and availability disruptions.

Unauthenticated remote attackers can exploit this vulnerability over the network without privileges or user interaction. Successful exploitation grants database login access via the hardcoded credentials, enabling attackers to potentially read sensitive data, modify database contents, or disrupt services, aligning with the high impact ratings across confidentiality, integrity, and availability.

Advisories from TWCERT/CC detail the issue, available at https://www.twcert.org.tw/en/cp-139-10643-2f8d7-2.html and https://www.twcert.org.tw/tw/cp-132-10642-3b808-1.html. Security practitioners should consult these for recommended mitigations, such as firmware updates or credential rotation if available from the vendor.