CVE-2026-9144
Description
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields. Attackers can bypass front-end length restrictions using JavaScript comments and template literals to concatenate executable script fragments that are rendered in administrative dashboard views such as index.zhtml, resulting in persistent script execution within administrative sessions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in Taiko AG1000-01A SMS Alert Gateway allows authenticated attackers to execute persistent JavaScript by splitting payloads across multiple admin form fields.
Vulnerability
Taiko AG1000-01A SMS Alert Gateway firmware revisions Rev 7.3 and Rev 8 contain a stored cross-site scripting (XSS) vulnerability in the embedded web configuration interface [1]. Authenticated attackers can inject persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields, bypassing front-end length restrictions through the use of JavaScript comments and template literals [1]. The concatenated script is rendered and executed in administrative dashboard views such as index.zhtml [1].
Exploitation
To exploit this vulnerability, an attacker must have valid administrative credentials to the web interface [1]. The attacker can then split the malicious payload across multiple form fields, each short enough to pass its own length check, using JavaScript comments (//) and template literals (backticks) to join the fragments into executable code [1]. Because the per-field length checks are applied to each field in isolation, the fragmented payload passes them, is stored server-side, and is reassembled when the fields are rendered together in administrative dashboard views, leading to persistent script execution [1]. No user interaction beyond the attacker's own session is required; the injected XSS persists in the configuration and affects subsequent administrative sessions [1].
Impact
Successful exploitation results in persistent JavaScript execution within the context of any administrative session that views the dashboard [1]. This allows the attacker to potentially steal session cookies, modify configuration settings, or perform actions with the privileges of the authenticated administrator [1]. The CIA impact includes breach of confidentiality (data or session theft) and integrity (unauthorized configuration changes), with a CVSS v3 score of 7.6 (High) [1].
Mitigation
As of publication, no official fix has been released for Taiko AG1000-01A Rev 7.3 or Rev 8 [1]. The advisory notes the vulnerability was disclosed through VulnCheck's coordination process but a patch timeline is not yet available [1]. Administrators should restrict access to the management interface to trusted IP ranges, enforce strong password policies, and monitor for suspicious configuration changes [1]. If the device is at end-of-life status and no update is forthcoming, replacement with a supported appliance may be necessary [1].
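The Exploitation and Mitigation sections above describe the core defect: length limits are checked per field, but the fields are rendered together, so fragments that individually look harmless can join into markup. The following is an added illustration, not code from Taiko or from the advisory; the field names, the 20-character limit and the table-row template standing in for a dashboard view such as index.zhtml are assumptions. It shows a renderer that interpolates stored values raw beside one that HTML-escapes every value at output time, plus a simple audit over stored fields for the configuration-change monitoring the Mitigation section recommends.

```python
import html
import re

# Constructed sample: three administrative form fields as stored in the
# device configuration. Each passes a 20-character front-end limit, yet
# joined in the dashboard template they form a complete <script> element.
# The script body is a harmless console.log; the field names are hypothetical.
SAMPLE_FIELDS = {
    "site_alias": "<script>",
    "contact_note": "console.log('x')",
    "footer_text": "</script>",
}

# Assumed dashboard row template (stands in for a view like index.zhtml).
ROW = "<tr><td>{name}</td><td>{value}</td></tr>"


def passes_length_limit(fields, max_len=20):
    """Mimic the per-field length check; it says nothing about the whole page."""
    return all(len(v) <= max_len for v in fields.values())


def render_vulnerable(fields):
    """Interpolate raw stored values into the dashboard HTML (the flaw class)."""
    return "".join(ROW.format(name=n, value=v) for n, v in fields.items())


def render_hardened(fields):
    """Escape every stored value at output time; fragments can no longer join
    into markup because '<', '>', quotes and '&' become entities."""
    return "".join(
        ROW.format(name=html.escape(n, quote=True), value=html.escape(v, quote=True))
        for n, v in fields.items()
    )


# Tokens worth flagging in stored configuration text: markup characters,
# backticks (template literals), '//' (JS comments) and the word "script".
SUSPICIOUS = re.compile(r"[<>`]|//|\bscript\b", re.IGNORECASE)


def audit_fields(fields):
    """Return names of stored fields containing markup or script-like tokens."""
    return sorted(n for n, v in fields.items() if SUSPICIOUS.search(v))


def contains_live_markup(rendered):
    """True if the rendered page holds any '<' or '>' not from the ROW template."""
    stripped = re.sub(r"</?t[rd]>", "", rendered)
    return "<" in stripped or ">" in stripped
```

Run `audit_fields` over the configuration store on each save and alert on non-empty results; `render_hardened` is the output-encoding fix that removes the bug regardless of what the fields contain.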
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: Rev 7.3, Rev 8
Patches
No patches discovered yet.