CVE Catalog

CVE-2026-27868

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile — higher than 31% of all known CVEs

Summary

A vulnerability in the Teldat Regesta Smart HD-PLC device allows an attacker with network access (no authentication required) to obtain privilege information by sending a Version request to the path /upgrade/query.php?cmd=p+3&3Bversion. This affects firmware version TLDPH16D2 11.02.05.10.02.

Risk Assessment

The organization is at risk of privilege information disclosure, which could enable the attacker to perform further attacks, including privilege escalation or more sophisticated network intrusions.

Recommendation

Immediately update the Regesta Smart HD-PLC firmware to the latest available version and restrict network access to the management interface to trusted hosts only.

Original NVD description (English source)

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS