PT-2026-42262 · Taiko · Ag1000-01A Sms Alert Gateway
Vulncheck
·
Published
2026-05-20
·
Updated
2026-05-20
·
CVE-2026-9139
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Taiko AG1000-01A SMS Alert Gateway Rev 7.3
Taiko AG1000-01A SMS Alert Gateway Rev 8
Description
The embedded web configuration interface contains hard-coded credentials. Authentication is implemented entirely in client-side JavaScript within the 'login.zhtml' page, which exposes static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials from the
validate() function to obtain full administrative access to the device.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ag1000-01A Sms Alert Gateway