Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
CVE-2026-9141: Taiko AG1000-01A SMS Alert Gateway Authentication Bypass
CVE-2026-9141
Summary
An attacker can access sensitive settings and disrupt the Taiko AG1000-01A SMS Alert Gateway's monitoring and control functions without a password. This is a concern because it could lead to unauthorized changes to alarm routing and device configuration. To protect your system, update to the latest version of the software as soon as possible.
Original title
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access inte...
Original description
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml to gain full administrative read and write access, enabling unauthorized modification of alarm routing, device configuration, and disruption of monitoring and control functions.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 20 May 2026 · Updated: 30 May 2026 · First seen: 20 May 2026