CVE-2026-9139
Description
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contain a hard-coded credential vulnerability in the web interface, allowing unauthenticated attackers to gain admin access.
Vulnerability
The Taiko AG1000-01A SMS Alert Gateway running firmware Rev 7.3 or Rev 8 contains a hard-coded credential vulnerability in its embedded web configuration interface. Authentication is implemented entirely in client-side JavaScript within the login.zhtml file, exposing static plaintext credentials directly in the page source. The validate() function contains the hard-coded administrative credentials, which are accessible without any prior authentication [1].
Exploitation
An unauthenticated attacker with network access to the device can recover the administrative credentials by viewing the page source of login.zhtml and extracting the plaintext credentials from the validate() function. These credentials can then be used to log in to the web interface with full administrative privileges [1].
Impact
Successful exploitation grants the attacker full administrative access to the SMS Alert Gateway. This allows complete control over the device, including the ability to read, modify, or delete configuration settings, intercept or redirect SMS alerts, and potentially disrupt critical alerting services. The compromise is at the highest privilege level with no user interaction required [1].
Mitigation
As of the publication date (2026-05-20), no official firmware update has been released to address this vulnerability. The affected versions are Rev 7.3 and Rev 8. Until a patch is available, restrict network access to the device to trusted hosts only, and consider implementing additional network-level authentication or firewall rules to limit exposure. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
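Added example (not from the CVE record, the vendor or the device firmware): a heuristic static check, runnable under Node.js, for the pattern described above, in which an inline client-side script compares a credential field against a string literal. Both sample pages, the placeholder credentials, the `/login` endpoint and all function names are constructed for illustration. Findings report only the literal's length, never its value.

```javascript
// Constructed sample of the vulnerable pattern; NOT the device's login.zhtml.
const SAMPLE_PAGE = `<form onsubmit="return validate()">
  <input id="user"><input id="pass" type="password">
</form>
<script>
function validate() {
  var u = document.getElementById("user").value;
  var p = document.getElementById("pass").value;
  if (u == "EXAMPLE_USER" && p == "EXAMPLE_PASS") { location = "home.html"; }
  return false;
}
</script>`;
// Constructed counter-example: the form posts to a hypothetical server endpoint
// and the script only rejects an empty field, which must not be reported.
const HARDENED_PAGE = `<form method="post" action="/login" onsubmit="return check(this)">
  <input name="user"><input name="pass" type="password">
</form>
<script>
function check(f) { var p = f.pass.value; if (p == "") { return false; } return true; }
</script>`;
const CRED_HINT = /pass|pwd|user|login/i;
// variable (== | === | != | !==) "non-empty string literal"
const LITERAL_CMP = /([\w.$]+)\s*(?:===?|!==?)\s*(["'])((?:\\.|(?!\2).)+)\2/g;

// Return each inline <script> body with the line number of its opening tag.
function extractScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  return [...html.matchAll(re)].map((m) => (
    { startLine: html.slice(0, m.index).split("\n").length, body: m[1] }));
}

// Flag comparisons of a credential-like variable against a string literal.
function auditPage(html) {
  const findings = [];
  for (const { startLine, body } of extractScripts(html)) {
    const credVars = new Set(); // variables assigned from credential-like inputs
    body.split("\n").forEach((text, i) => {
      const a = /(\w+)\s*=[^;=]*(?:pass|pwd|user|login)[^;]*\.value/i.exec(text);
      if (a) credVars.add(a[1]);
      for (const m of text.matchAll(LITERAL_CMP)) {
        if (!credVars.has(m[1]) && !CRED_HINT.test(m[1])) continue;
        // Report the literal's length only, never the credential itself.
        findings.push({ line: startLine + i, variable: m[1], literalLength: m[3].length });
      }
    });
  }
  return findings;
}
console.log(auditPage(SAMPLE_PAGE));
```

The check covers only inline scripts and the `variable op "literal"` form, so a clean result does not show that a page authenticates on the server.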
Affected products
Range: = Rev 7.3, Rev 8
Patches
No patches discovered yet.
References
2