CVE-2026-27870

CVE-2026-27870CVE-2026-27870

Description

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS)  payload into the 'Hostname' field of the configuration file resulting in a XSS in the path /upgrade/query.php?cmd=p+3%3Bversion. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.

Scoring

Last modified2026-07-01
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.