Critical severity9.8NVD Advisory· Published May 20, 2026· Updated May 21, 2026
CVE-2026-9139
CVE-2026-9139
Description
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: Rev 7.3, Rev 8
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.