CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT
Summary
| CVE | CVE-2026-27870 |
|---|---|
| State | PUBLISHED |
| Assigner | HackRTU |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-17 13:20:13 UTC |
| Updated | 2026-06-17 16:18:00 UTC |
| Description | An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the configuration file, resulting in an XSS in the path /upgrade/query.php?cmd=p+3%3Bversion. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02. |
Risk And Classification
Primary CVSS: v4.0 4.8 MEDIUM from ffb98d57-deaa-4918-a669-5225ccc13e39
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.005090000 probability, percentile 0.393230000 (date 2026-06-18)
Problem Types: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | ffb98d57-deaa-4918-a669-5225ccc13e39 | Secondary | 4.8 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 4.8 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Teldat | Regesta Smart HD-PLC - TLDPH16D2 | affected 11.02.05.10.02 | Not specified |
| CNA | Teldat | Regesta Smart HD-PLC - TLDPH16D2 | unaffected 11.02.06.00.02 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.teldat.com/images/content/docs/Teldat_dm1087_regesta_smart_nessum_series... | ffb98d57-deaa-4918-a669-5225ccc13e39 | support.teldat.com | |
| www.teldat.com/es | ffb98d57-deaa-4918-a669-5225ccc13e39 | www.teldat.com | |
| www.hackrtu.com/blog/CNA-HRTU-0002 | ffb98d57-deaa-4918-a669-5225ccc13e39 | www.hackrtu.com | |
| support.teldat.com/portal/supportcontent | ffb98d57-deaa-4918-a669-5225ccc13e39 | support.teldat.com | |
| www.hackrtu.com/blog/CNA-CVE-2026-27870 | ffb98d57-deaa-4918-a669-5225ccc13e39 | www.hackrtu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Aarón Flecha Menéndez (en)
CNA: Víctor Bello Cuevas (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2026-02-20T09:00:00.000Z | Vulnerability detection by the researchers |
| CNA | 2026-02-22T09:00:00.000Z | Report from researchers to the CNA of HackRTU |
| CNA | 2026-02-25T09:00:00.000Z | Report from HackRTU CNA to the provider |
| CNA | 2026-05-29T08:00:00.000Z | New version published by the provider |
| CNA | 2026-06-17T08:00:00.000Z | Vulnerabilities published by HackRTU's CNA |
Solutions
CNA: The provider has implemented the new version 11.02.06.00.02, which solves the security problems detected in the affected version. The end user has to download the new version in the Teldat - Client Support Portal and implement it in the device (https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US).