CVE-2026-9139
CriticalSummary
The Taiko AG1000-01A SMS Alert Gateway in versions Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface. Authentication is implemented entirely in client-side JavaScript, allowing attackers to recover administrative credentials.
Risk Assessment
Unauthenticated attackers with network access can gain full administrative access to the device, posing a significant security risk to the organization.
Recommendation
It is recommended to update the device to the latest software version that addresses this vulnerability and to implement additional security measures to restrict access to the configuration interface.
Original NVD description (English source)
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device.

