CVE-2026-26342

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

CVE-2026-26341

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...

CVE-2026-26342

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

CVE-2026-26341

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...

CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...

CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...

CVE-2026-26341

CVE-2026-26341 affects Tattile Smart+, Vega, and Basic device families with firmware ≤ 1.181.5. The root cause is default credentials that are not forced to be changed during installation, enabling an attacker who can reach the management interface to authenticate and gain administrative access t...

CVE-2026-26340

The CVE-2026-26340 entry affects Tattile Smart+, Vega, and Basic device families on firmware versions 1.181.5 and earlier, where RTSP streams are exposed without authentication. The underlying issue is unauthenticated access to live video/audio streams, enabling unauthorized surveillance data dis...

CVE-2026-26340 Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of...

PT-2026-21790

Name of the Vulnerable Software and Affected Versions Tattile Smart+, Vega, and Basic device families versions prior to 1.181.5 Description The authentication token X-User-Token in affected devices has an insufficient expiration time. An attacker obtaining a valid token through methods like...

Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration

Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

PT-2026-21789

Name of the Vulnerable Software and Affected Versions Tattile Smart+, Vega, and Basic device families versions 1.181.5 and prior Description The device families ship with default credentials that are not required to be changed during setup. An attacker reaching the management interface can use...

Tattile Cameras 1.181.5 Use of Default Credentials

Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

📄 Tattile Cameras 1.181.5 Insufficient Token Expiration

Tattile Cameras version 1.181.5 suffers an insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or tokens for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse...

Tattile Cameras 1.181.5 Unauthenticated RTSP Stream Disclosure

Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

Tattile Smart+ 代码问题漏洞

Tattile Smart+ is a smart license plate recognition camera developed by the Italian company Tattile. There are code-related vulnerabilities in Tattile Smart+, Vega, and Basic 1.181.5 and earlier versions. These vulnerabilities stem from an inadequate mechanism for handling expired authentication...

Tattile Smart+ 访问控制错误漏洞

Tattile Smart+ is a smart license plate recognition camera developed by the Italian company Tattile. Tattile Smart+, Vega, and Basic 1.181.5 and earlier versions have an access control vulnerability. This vulnerability stems from the fact that RTSP streams do not require authentication, which may...

Cisco Small Business 220 Series Smart Plus Switches Denial of Service Vulnerability

Cisco Small Business 220 Series Smart Plus Switches is a 220 Series stackable managed switch product from Cisco USA. A denial of service vulnerability exists in Cisco Small Business 220 Series Smart Plus Switches. An attacker could exploit this vulnerability to cause a denial of service...

Cisco Small Business 220 Series Smart Plus Switches Unauthorized Access Vulnerability

Cisco Small Business 220 Series Smart Plus Switches is a 220 Series stackable managed switch product from Cisco USA. An unauthorized access vulnerability exists in Cisco Small Business 220 Series Smart Plus Switches. An attacker could exploit this vulnerability to gain unauthorized access to an...