CVE-2026-9141
CriticalSummary
The Taiko AG1000-01A SMS Alert Gateway in versions 7.3 and 8 contains an authentication bypass vulnerability in the embedded web configuration interface, allowing unauthenticated attackers to access internal application pages without any session management or server-side authentication checks.
Risk Assessment
Attackers with network access can directly request internal resources, enabling full administrative access and unauthorized modifications, which may lead to disruptions in monitoring and control functions.
Recommendation
It is recommended to implement proper authentication mechanisms and restrict access to the configuration interface only to authorized users.
Original NVD description (English source)
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml to gain full administrative read and write access, enabling unauthorized modification of alarm routing, device configuration, and disruption of monitoring and control functions.

