CVE-2026-26341
Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials
In short
Tattile Smart+, Vega, and Basic devices come with default passwords that cannot be changed during setup. An attacker who accesses the management interface can log in with these preset credentials and gain full administrative control over the device.
Technical detail
The vulnerability exists in firmware versions ≤1.181.5 where default credentials are shipped and not enforced to be changed during installation. An attacker with network access to the management interface can authenticate using these known credentials to obtain administrative privileges, compromising device configuration and data integrity.
Summary generated and translated by AI from the official description.
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Tattile s.r.l. · ANPR MobileTattile s.r.l. · Axle CounterTattile s.r.l. · Basic MK2Tattile s.r.l. · Smart+Tattile s.r.l. · Smart+ SpeedTattile s.r.l. · Smart+ Traffic LightTattile s.r.l. · Tolling+Tattile s.r.l. · Vega11Tattile s.r.l. · Vega33Tattile s.r.l. · Vega53public PoCs found — 1
cve_referencewww.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.phpunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →