CVE-2026-26341 PUBLISHED

Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Assigner: VulnCheck
Reserved: 13.02.2026 Published: 24.02.2026 Updated: 24.02.2026

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor Tattile s.r.l.
Product Smart+
Versions Default: unaffected
  • affected from 0 to 1.181.5 (incl.)
Vendor Tattile s.r.l.
Product Tolling+
Versions Default: unaffected
  • affected from 0 to 1.181.5 (incl.)
Vendor Tattile s.r.l.
Product Smart+ Speed
Versions Default: unaffected
  • affected from 0 to 1.181.5 (incl.)
Vendor Tattile s.r.l.
Product Smart+ Traffic Light
Versions Default: unaffected
  • affected from 0 to 1.181.5 (incl.)
Vendor Tattile s.r.l.
Product Axle Counter
Versions Default: unaffected
  • affected from 0 to 1.181.5 (incl.)
Vendor Tattile s.r.l.
Product Vega53
Versions Default: unaffected
  • affected from 0 to 1.181.5 (incl.)
Vendor Tattile s.r.l.
Product Vega33
Versions Default: unaffected
  • affected from 0 to 1.181.5 (incl.)
Vendor Tattile s.r.l.
Product Vega11
Versions Default: unaffected
  • affected from 0 to 1.181.5 (incl.)
Vendor Tattile s.r.l.
Product Basic MK2
Versions Default: unaffected
  • affected from 0 to 1.181.5 (incl.)
Vendor Tattile s.r.l.
Product ANPR Mobile
Versions Default: unaffected
  • affected from 0 to 1.181.5 (incl.)

Credits

  • Gjoko Krstic of Zero Science Lab finder

References

Problem Types

  • CWE-1392 Use of Default Credentials CWE