CVE Catalog

CVE-2026-9141

Critical
Published: Translated: NVD NIST

Summary

The Taiko AG1000-01A SMS Alert Gateway in versions 7.3 and 8 contains an authentication bypass vulnerability in the embedded web configuration interface, allowing unauthenticated attackers to access internal application pages without any session management or server-side authentication checks.

Risk Assessment

Attackers with network access can directly request internal resources, enabling full administrative access and unauthorized modifications, which may lead to disruptions in monitoring and control functions.

Recommendation

It is recommended to implement proper authentication mechanisms and restrict access to the configuration interface only to authorized users.

Original NVD description (English source)

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml to gain full administrative read and write access, enabling unauthorized modification of alarm routing, device configuration, and disruption of monitoring and control functions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS