Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
CVE-2026-9139: Taiko AG1000-01A SMS Gateway Exposes Administrative Credentials
CVE-2026-9139
Summary
The Taiko AG1000-01A SMS Gateway versions 7.3 and 8 contain a security flaw where sensitive login information is hardcoded into the device's web interface. This makes it possible for unauthorized users to access the device's administrative settings. To protect the device, update to the latest version of the software as soon as possible.
Original title
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in clien...
Original description
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-798
Use of Hard-coded Credentials
Published: 20 May 2026 · Updated: 30 May 2026 · First seen: 20 May 2026