CVE-2026-27868
Received - Intake
Information Disclosure in Regesta Smart HD-PLC via Command Injection

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: ffb98d57-deaa-4918-a669-5225ccc13e39

Description
An attacker with network access to the Regesta Smart HD-PLC from the provider Teldat (in this case, NO registration action is required) running the vulnerable software could obtain privileged information by using the Version command via the path /upgrade/query.php?cmd=p+3&3Bversion, resulting in an information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
teldat | regesta_smart_hd-plc | 11.02.05.10.02
CWE ID | Description
CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Compliance Impact

The provided context and resources do not contain any information regarding the impact of CVE-2026-27868 on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-27868 is a medium-severity vulnerability affecting the Regesta Smart HD-PLC - TLDPH16D2 industrial router by Teldat. An attacker with network access can exploit this vulnerability without needing to register or authenticate.

The vulnerability arises from improper handling of the "Version" command via the path /upgrade/query.php?cmd=p+3&3Bversion, which allows the attacker to obtain privileged information, resulting in information disclosure.

The affected firmware version is 11.02.05.10.02, and Teldat has released a patched version 11.02.06.00.02 to mitigate this issue.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive or privileged information from the affected Regesta Smart HD-PLC device.

An attacker with network access could exploit this flaw to gather information that might be used for further attacks or to compromise the device or network.

Because no authentication is required to exploit this vulnerability, the risk of exposure is higher in environments where the device is accessible over the network.

Detection Guidance

This vulnerability can be detected by attempting to access the vulnerable endpoint on the Regesta Smart HD-PLC device. Specifically, a request to the path /upgrade/query.php?cmd=p+3&3Bversion on the affected firmware version 11.02.05.10.02 may return privileged information.

One way to test for this vulnerability is to send an HTTP GET request to the vulnerable path on the device's IP address with a network tool such as curl or wget. Quote the URL so the shell does not treat the & as a control operator, for example:

  • curl "http://[device_ip]/upgrade/query.php?cmd=p+3&3Bversion"

If the response contains sensitive version or privilege information without authentication, the device is vulnerable.
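Requests to this endpoint can also be found passively in web logs. The following is an added example, not part of the original advisory: it assumes a proxy or sensor in front of the device writes Common Log Format lines, and TRUSTED_MGMT, scan() and the sample lines are hypothetical or constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a proxy/sensor in front of the device logs in Common Log Format.
VULN_PATH = "/upgrade/query.php"   # path named in the advisory
TRUSTED_MGMT = {"10.0.0.5"}        # hypothetical management hosts

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def scan(lines, trusted=TRUSTED_MGMT):
    """Return one finding per request that reaches the endpoint with a cmd parameter."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m["target"])
        if url.path.lower() != VULN_PATH:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "cmd" not in params:
            continue
        findings.append({
            "src": m["src"],
            "time": m["ts"],
            "cmd": params["cmd"][0],
            # "version" anywhere in the query matches the command the advisory names
            "version_query": "version" in url.query.lower(),
            "served": m["status"] == "200",
            "untrusted_source": m["src"] not in trusted,
        })
    return findings

# Constructed sample log lines (not real traffic; cmd=p+1 is a made-up value).
SAMPLE = [
    '192.0.2.44 - - [17/Jun/2026:10:01:02 +0000] "GET /upgrade/query.php?cmd=p+3&3Bversion HTTP/1.1" 200 312',
    '10.0.0.5 - - [17/Jun/2026:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
    '192.0.2.44 - - [17/Jun/2026:10:06:10 +0000] "GET /upgrade/query.php HTTP/1.1" 403 0',
    '10.0.0.5 - - [17/Jun/2026:10:07:30 +0000] "GET /upgrade/query.php?cmd=p+1 HTTP/1.1" 200 80',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with untrusted_source and served both true are the ones to triage first, since they indicate the endpoint answered a host outside the management set.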

Mitigation Strategies

The immediate mitigation step is to upgrade the firmware of the Regesta Smart HD-PLC device to the patched version 11.02.06.00.02 provided by Teldat.

This updated firmware fixes the information disclosure vulnerability caused by improper handling of the Version command.

The patched firmware can be downloaded and installed from the Teldat Client Support Portal.

Until the upgrade is applied, restrict network access to the device to trusted users only to reduce the risk of exploitation.
