CVE-2026-9141
CRITICAL
Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface
Title source: cna
Description
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contain an authentication bypass vulnerability in the embedded web configuration interface. The interface has no session management or server-side authentication checks, so unauthenticated attackers can access internal application pages. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml to gain full administrative read and write access, enabling unauthorized modification of alarm routing and device configuration, and disruption of monitoring and control functions.
References (2)
Technical Description
Ledger Security Bulletin 019
https://medium.com/@forgetmen0t/multiple-vulnerabilities-in-taiko-ag1000-01a-sms-alert-gateway-82095b1d633e
Third Party Advisory
https://www.vulncheck.com/advisories/taiko-ag1000-01a-rev-8-authentication-bypass-via-web-interface
Scores
CVSS v3: 9.8
EPSS: 0.0048
EPSS Percentile: 37.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-306
Status: published
Products (3)
Taiko Network Communications Pte Ltd./AG1000-01A SMS Alert Gateway: Rev 7.3
Taiko Network Communications Pte Ltd./AG1000-01A SMS Alert Gateway: Rev 8
Taiko Network Communications Pte Ltd./AG1000-01A SMS Alert Gateway: UM-AG1000_R7.2
Published: May 20, 2026
Tracked Since: May 21, 2026