CVE-2026-9141— Taiko AG1000-01A SMS Alert Gateway 访问控制错误漏洞

Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml to gain full administrative read and write access, enabling unauthorized modification of alarm routing, device configuration, and disruption of monitoring and control functions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

关键功能的认证机制缺失

Taiko AG1000-01A SMS Alert Gateway 访问控制错误漏洞

Taiko AG1000-01A SMS Alert Gateway是新加坡Taiko公司的一款支持短信告警通知与远程事件消息转发的工业通信网关设备。 Taiko AG1000-01A SMS Alert Gateway Rev 7.3版本和Rev 8版本存在访问控制错误漏洞，该漏洞源于嵌入式Web配置界面中存在身份验证绕过，可能导致未经身份验证的攻击者访问内部应用页面并获得完全管理读写访问权限。

N/A

N/A