CVE-2026-22312
Description
Radiflow iSAP Smart Collector uses a hardcoded token for REST API authentication, enabling unauthenticated attackers on the management network to read and modify configuration and execute commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Radiflow iSAP Smart Collector version 3.07-1 exposes a REST API on TCP port 8086 of its management network interface. The API is authenticated using a constant (hardcoded) token, which is a CWE-798 weakness [1]. An attacker with access to the management network can bypass authentication and interact with the API without valid credentials.
Exploitation
An attacker needs only network access to the management network where the device resides. No authentication is required because the token is static and known. By sending HTTP requests to the REST API endpoints on port 8086, the attacker can retrieve all system settings, modify the device configuration, and execute commands such as a system reboot [1].
Impact
Successful exploitation allows the attacker to read sensitive system settings (confidentiality impact), alter the device configuration (integrity impact), and trigger disruptive commands like a reboot (availability impact). The CVSS v3.1 base score is 8.6 (HIGH) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L [1]. The attacker gains unauthenticated, network-level control over the device.
Mitigation
As of the publication date (2026-06-16), no official fix has been disclosed in the available references [1]. Until a patch is released, restricting access to the management network via firewall rules or VLAN segmentation can reduce the attack surface. Users should monitor vendor advisories for a firmware update that replaces the hardcoded token with a proper authentication mechanism.
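As an added illustration of the monitoring side of that interim mitigation (example code written for this entry, not Radiflow's or the advisory's), the script below scans constructed firewall/proxy log lines for connections to the collector's REST API port and flags any source outside a management allowlist, plus any state-changing request from an allowed host. The log format, allowlist range and endpoint paths are assumptions.

```python
import ipaddress
import re

# Assumed values: the collector's REST API port is 8086 (from the advisory);
# the management hosts allowed to reach it are a site-specific allowlist.
API_PORT = 8086
MGMT_ALLOWLIST = [ipaddress.ip_network("10.10.5.0/29")]  # constructed jump-host range
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Assumed (constructed) log line format: "<ts> <src_ip> -> <dst_ip>:<dst_port> <METHOD> <path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+) (?P<method>[A-Z]+) (?P<path>\S+)$"
)

def _allowed(src: str) -> bool:
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in MGMT_ALLOWLIST)

def analyse(lines):
    """Return (ts, src, reason) tuples for collector-API traffic a defender should review."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or int(m["port"]) != API_PORT:
            continue  # not traffic to the collector's REST API port
        src, method, path = m["src"], m["method"], m["path"]
        if not _allowed(src):
            # Because the token is static, the API cannot tell an intruder from an
            # operator; any reach from outside the allowlist is the alert condition.
            findings.append((m["ts"], src, f"non-allowlisted source {method} {path}"))
        elif method in STATE_CHANGING:
            # Allowed host, but a configuration change or command: keep for change review.
            findings.append((m["ts"], src, f"state change {method} {path}"))
    return findings

# Constructed sample log lines; endpoint paths are placeholders, not the real API.
SAMPLE_LOG = [
    "2026-06-16T10:00:01Z 10.10.5.2 -> 10.10.5.100:8086 GET /api/settings",
    "2026-06-16T10:00:05Z 10.10.5.2 -> 10.10.5.100:8086 PUT /api/settings",
    "2026-06-16T10:01:12Z 192.168.40.7 -> 10.10.5.100:8086 GET /api/settings",
    "2026-06-16T10:01:13Z 192.168.40.7 -> 10.10.5.100:8086 POST /api/system/reboot",
    "2026-06-16T10:02:00Z 192.168.40.7 -> 10.10.5.100:443 GET /",
]

if __name__ == "__main__":
    for ts, src, reason in analyse(SAMPLE_LOG):
        print(ts, src, reason)
```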
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.