EUVD-2026-31189
GHSA-c89f-cvmv-ffjf
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionNVD
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml to gain full administrative read and write access, enabling unauthorized modification of alarm routing, device configuration, and disruption of monitoring and control functions.
AnalysisAI
Authentication bypass in Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) lets remote attackers reach the embedded web configuration interface without any login, granting full administrative read and write access over alarm routing and device settings. The CVSS 4.0 score of 9.3 reflects unauthenticated network exploitation with high impact on confidentiality, integrity, and availability, and a public technical write-up exists on Medium alongside a VulnCheck advisory, though no public exploit identified at time of analysis.
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all Taiko AG1000-01A gateways in production and document network exposure; verify whether instances are accessible from untrusted networks. Within 7 days: Implement network segmentation to restrict administrative interface access to authorized personnel only; disable remote access if operationally feasible, or restrict to VPN/bastion host only. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today