CVE-2026-12183 – Nefteprodukttekhnika BUK TS-G Improper Authentication

Posted on June 14, 2026
CVE ID: CVE-2026-12183

Published: June 13, 2026, 6:16 p.m.

Description: Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=&pwd=), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Severity: 9.8 | CRITICAL
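
A log-review sketch for the behaviour described above, added here as an example and not taken from the vendor or the advisory: it flags successful requests to the privileged paths that come from outside a trusted management range or from a client that never posted to the login endpoint. The trusted range, the Combined Log Format input, the module path and the sample lines are assumptions.

```python
import ipaddress
import re

# Endpoint paths are the ones named in the advisory description.
LOGIN_PATH = "/php/ajax-login.php"
PRIVILEGED = re.compile(r"^/(php/ajax-main\.php|modules/)")
# Assumption: management hosts live in this range; adjust per site.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: Combined Log Format (ip - user [time] "METHOD path proto" status size).
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def find_suspicious(lines):
    """Return (ip, time, path, reasons) for each risky privileged request."""
    logged_in = set()  # clients seen POSTing to the login endpoint earlier
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if method == "POST" and path == LOGIN_PATH:
            logged_in.add(ip)
            continue
        if not PRIVILEGED.match(path) or not status.startswith("2"):
            continue
        reasons = []
        if not is_trusted(ip):
            reasons.append("untrusted-source")
        if ip not in logged_in:
            reasons.append("no-prior-login")
        if reasons:
            findings.append((ip, ts, path, reasons))
    return findings

# Constructed sample lines (documentation address ranges, placeholder module path).
SAMPLE = [
    '10.20.0.5 - - [13/Jun/2026:09:00:01 +0000] "POST /php/ajax-login.php HTTP/1.1" 200 31',
    '10.20.0.5 - - [13/Jun/2026:09:00:03 +0000] "POST /php/ajax-main.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [13/Jun/2026:09:05:10 +0000] "POST /php/ajax-login.php HTTP/1.1" 200 31',
    '203.0.113.7 - - [13/Jun/2026:09:05:11 +0000] "POST /php/ajax-main.php HTTP/1.1" 200 498',
    '198.51.100.9 - - [13/Jun/2026:09:07:42 +0000] "GET /modules/example/index.php HTTP/1.1" 200 2048',
]
if __name__ == "__main__":
    print(*find_suspicious(SAMPLE), sep="\n")
```

Because the login endpoint accepts any credentials, a prior login in the log does not prove a legitimate operator, so the source-address reason is the stronger signal; clients behind a shared NAT address will be merged into one entry.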


🤖 AI-Generated Patch Solution

Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-12183

⚠️ Vulnerability Description:

1. IMMEDIATE ACTIONS

Immediately isolate any Acme SecureAuth Gateway instances from external networks if possible, or restrict network access to only trusted internal IP ranges.
Review access logs for the Acme SecureAuth Gateway for any unusual authentication attempts, particularly those from unknown IP addresses or with administrative user agents. Specifically, look for successful logins that did not originate from expected, whitelisted sources.
Force a rotation

💡 AI-generated — review with a security professional before acting.