CVE Catalog

CVE-2026-9139

Critical
Published: Translated: NVD NIST

Summary

The Taiko AG1000-01A SMS Alert Gateway in versions Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface. Authentication is implemented entirely in client-side JavaScript, allowing attackers to recover administrative credentials.

Risk Assessment

Unauthenticated attackers with network access can gain full administrative access to the device, posing a significant security risk to the organization.

Recommendation

It is recommended to update the device to the latest software version that addresses this vulnerability and to implement additional security measures to restrict access to the configuration interface.

Original NVD description (English source)

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS