CVE-2026-9139

Summary

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device.

Affected Software

VendorProductVersion RangeStatus
Taiko Network Communications Pte Ltd.AG1000-01A SMS Alert GatewayRev 7.3affected
Taiko Network Communications Pte Ltd.AG1000-01A SMS Alert GatewayRev 8affected
Taiko Network Communications Pte Ltd.AG1000-01A SMS Alert GatewayUM-AG1000_R7.2affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References