PT-2026-49826 · Radiflow · Isap Smart Collector
Published
2026-06-16
·
Updated
2026-06-16
·
CVE-2026-22312
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration
and execute some commands (e.g. system reboot).
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Isap Smart Collector