从这个网页截图中可以获取到以下关于漏洞的关键信息: 漏洞概述 TVN ID: TVN-202601007 CVE ID: CVE-2026-1221, CVE-2026-1222, CVE-2026-1223 CVSS Score: - CVE-2026-1221: 9.8 (Critical) - CVE-2026-1222: 7.2 (High) - CVE-2026-1223: 4.9 (Medium) 影响产品 受影响产品: PrismX MX100 AP controller before version 1.03.23.01 漏洞描述 CVE-2026-1221: - Description: Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware. CVE-2026-1222: - Description: Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. CVE-2026-1223: - Description: Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain SMTP plaintext passwords through the web frontend. 解决方案 Solution: Update firmware to version v1.03.23.01 or later. 其他信息 Credit: Alvin Lee, legendyang (Yoni Yang), yeyoumeng (ICEDTEA) Public Date: 2026-01-20 相关链接 CVE-2026-1221 CVE-2026-1222 CVE-2026-1223