Skip to main content

Ag1000 01A Sms Alert Gateway

3 CVEs product

Monthly

CVE-2026-9144 HIGH This Week

Stored cross-site scripting in the Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) lets authenticated low-privilege users plant persistent JavaScript in the device's web configuration interface by splitting payloads across multiple admin form fields. The injected script executes in any administrator session that views dashboard pages such as index.zhtml, enabling session hijack or privilege escalation within the appliance. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Ag1000 01A Sms Alert Gateway
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-9141 CRITICAL Act Now

Authentication bypass in Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) lets remote attackers reach the embedded web configuration interface without any login, granting full administrative read and write access over alarm routing and device settings. The CVSS 4.0 score of 9.3 reflects unauthenticated network exploitation with high impact on confidentiality, integrity, and availability, and a public technical write-up exists on Medium alongside a VulnCheck advisory, though no public exploit identified at time of analysis.

Authentication Bypass Ag1000 01A Sms Alert Gateway
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-9139 CRITICAL Act Now

Authentication bypass in the Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) allows unauthenticated remote attackers to recover hard-coded administrative credentials by viewing the page source of login.zhtml, because the validate() function performs credential checking entirely client-side. With a CVSS 4.0 base score of 9.3 (AV:N/AC:L/PR:N/UI:N) and a VulnCheck advisory plus a public Medium write-up, the flaw is trivially exploitable, though no public exploit identified at time of analysis as a packaged tool and the device is not currently listed in CISA KEV.

Authentication Bypass Ag1000 01A Sms Alert Gateway
NVD
CVSS 4.0
9.3
EPSS
0.1%
EPSS 0% CVSS 8.4
HIGH This Week

Stored cross-site scripting in the Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) lets authenticated low-privilege users plant persistent JavaScript in the device's web configuration interface by splitting payloads across multiple admin form fields. The injected script executes in any administrator session that views dashboard pages such as index.zhtml, enabling session hijack or privilege escalation within the appliance. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Ag1000 01A Sms Alert Gateway
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Authentication bypass in Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) lets remote attackers reach the embedded web configuration interface without any login, granting full administrative read and write access over alarm routing and device settings. The CVSS 4.0 score of 9.3 reflects unauthenticated network exploitation with high impact on confidentiality, integrity, and availability, and a public technical write-up exists on Medium alongside a VulnCheck advisory, though no public exploit identified at time of analysis.

Authentication Bypass Ag1000 01A Sms Alert Gateway
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Authentication bypass in the Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) allows unauthenticated remote attackers to recover hard-coded administrative credentials by viewing the page source of login.zhtml, because the validate() function performs credential checking entirely client-side. With a CVSS 4.0 base score of 9.3 (AV:N/AC:L/PR:N/UI:N) and a VulnCheck advisory plus a public Medium write-up, the flaw is trivially exploitable, though no public exploit identified at time of analysis as a packaged tool and the device is not currently listed in CISA KEV.

Authentication Bypass Ag1000 01A Sms Alert Gateway
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy