CVE-2026-1221

PrismX · PrismX Multiple Products

Executive summary

A critical vulnerability has been identified in multiple PrismX products, allowing unauthenticated remote attackers to gain full access to the device's database. This is due to hard-coded credentials stored within the device firmware, which could lead to a complete compromise of data confidentiality, integrity, and availability. Immediate patching is required to prevent potential data breaches and system takeover.

Vulnerability

The PrismX MX100 AP controller firmware contains static, hard-coded database credentials. A remote, unauthenticated attacker can extract these credentials by analyzing the firmware file. Once obtained, the attacker can use these credentials to directly log in to the device's database, bypassing all authentication mechanisms and gaining privileged access to the stored data.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation grants an attacker direct administrative access to the database, posing a significant risk to the organization. Potential consequences include unauthorized access to sensitive configuration data, customer information, or network credentials; modification or deletion of critical data leading to service disruption; and using the compromised device as a pivot point for further attacks within the network. This can result in severe financial loss, reputational damage, and regulatory penalties.

Remediation

Immediate Action: Organizations must immediately apply the security updates provided by the vendor to all affected PrismX products. After patching, it is crucial to monitor systems for any signs of compromise that may have occurred prior to the update and review all database access logs for unauthorized connections.

Proactive Monitoring: Implement enhanced monitoring for database access attempts originating from untrusted or unexpected IP addresses. Network traffic should be monitored for unusual data flows from the database server, which could indicate data exfiltration. System logs should be reviewed for authentication attempts using the now-public hard-coded credentials.
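
Detection logic for the log review described above, as an added example that is not taken from the advisory or the vendor: it flags database authentication events arriving from outside an allowlisted management range and any use of the hard-coded account, successful or not. The log line format, the trusted network and the account-name placeholder are assumptions, since the advisory publishes none of them.

```python
import ipaddress
import re

# Constructed log format (assumption), one DB authentication event per line:
#   2026-01-15T08:00:01Z db-auth src=10.10.5.20 user=svc_backup result=ok
LOG_RE = re.compile(
    r"^(?P<ts>\S+) db-auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Placeholder: the advisory does not publish the account name; use the vendor's value.
HARDCODED_USER = "HARDCODED_DB_USER_PLACEHOLDER"

# Management networks expected to reach the database port (assumed values).
TRUSTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]

def is_trusted(src: str) -> bool:
    """True only for a parseable address inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is treated as untrusted, not ignored
    return any(addr in net for net in TRUSTED_NETS)

def analyze(lines):
    """Return one finding per suspicious event; malformed lines are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        reasons = []
        if not is_trusted(ev["src"]):
            reasons.append("untrusted-source")
        if ev["user"] == HARDCODED_USER:
            reasons.append("hardcoded-account")  # success or failure, both worth review
        if reasons:
            ev["reasons"] = ",".join(reasons)
            findings.append(ev)
    return findings

# Constructed sample events (not real traffic).
SAMPLE_LOG = [
    "2026-01-15T08:00:01Z db-auth src=10.10.5.20 user=svc_backup result=ok",
    "2026-01-15T08:02:14Z db-auth src=203.0.113.45 user=HARDCODED_DB_USER_PLACEHOLDER result=ok",
    "2026-01-15T08:02:30Z db-auth src=10.10.5.21 user=HARDCODED_DB_USER_PLACEHOLDER result=fail",
    "2026-01-15T08:03:00Z db-auth src=198.51.100.9 user=admin result=fail",
    "not a db-auth record",
]
```

Running `analyze(SAMPLE_LOG)` over the constructed events yields three findings; the successful login from 203.0.113.45 with the hard-coded account is the one that should be escalated first.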

Compensating Controls: If immediate patching is not feasible, implement network segmentation to restrict access to the database port from untrusted networks, such as the internet. Deploy an Intrusion Prevention System (IPS) or Web Application Firewall (WAF) with rules to detect and block login attempts using the known hard-coded credentials. If possible, manually change the default database password on the device, though this may not be supported on all firmware versions.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical CVSS score of 9.8 and the ease of exploitation, this vulnerability presents a clear and present danger to the organization. We strongly recommend that all affected PrismX products be patched immediately, treating this as the highest priority. Although this CVE is not currently listed on the CISA KEV catalog, its high impact and low attack complexity make it a prime candidate for future inclusion and widespread exploitation. Organizations should assume they are being targeted and act decisively to mitigate this risk.