18 matches found
CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26341
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...
CVE-2026-26341
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...
CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...
CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...
CVE-2026-26341
CVE-2026-26341 affects Tattile Smart+, Vega, and Basic device families with firmware ≤ 1.181.5. The root cause is default credentials that are not forced to be changed during installation, enabling an attacker who can reach the management interface to authenticate and gain administrative access t...
CVE-2026-26340
The CVE-2026-26340 entry affects Tattile Smart+, Vega, and Basic device families on firmware versions 1.181.5 and earlier, where RTSP streams are exposed without authentication. The underlying issue is unauthenticated access to live video/audio streams, enabling unauthorized surveillance data dis...
CVE-2026-26340 Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of...
CVE-2026-26340 Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of...
PT-2026-21790
Name of the Vulnerable Software and Affected Versions Tattile Smart+, Vega, and Basic device families versions prior to 1.181.5 Description The authentication token X-User-Token in affected devices has an insufficient expiration time. An attacker obtaining a valid token through methods like...
PT-2026-21789
Name of the Vulnerable Software and Affected Versions Tattile Smart+, Vega, and Basic device families versions 1.181.5 and prior Description The device families ship with default credentials that are not required to be changed during setup. An attacker reaching the management interface can use...
Tattile Smart+ 安全漏洞
Tattile Smart+ is a smart license plate recognition camera developed by the Italian company Tattile. Versions of Tattile Smart+ prior to 1.181.5 contained a security vulnerability. This vulnerability stemmed from the use of default credentials that were not forced to change, allowing attackers to...
Tattile Smart+ 代码问题漏洞
Tattile Smart+ is a smart license plate recognition camera developed by the Italian company Tattile. There are code-related vulnerabilities in Tattile Smart+, Vega, and Basic 1.181.5 and earlier versions. These vulnerabilities stem from an inadequate mechanism for handling expired authentication...
Tattile Smart+ 访问控制错误漏洞
Tattile Smart+ is a smart license plate recognition camera developed by the Italian company Tattile. Tattile Smart+, Vega, and Basic 1.181.5 and earlier versions have an access control vulnerability. This vulnerability stems from the fact that RTSP streams do not require authentication, which may...