Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
References
| Link | Resource |
|---|---|
| https://www.tattile.com/ | Product |
| https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentials | Third Party Advisory VDB Entry |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
History
17 Jun 2026, 10:26
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| References | () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php - Exploit, Third Party Advisory |
26 Feb 2026, 17:31
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Tattile basic Mk2
Tattile tolling\+ Tattile vega33 Tattile smart\+ Speed Firmware Tattile axle Counter Firmware Tattile smart\+ Traffic Light Firmware Tattile vega33 Firmware Tattile smart\+ Tattile Tattile anpr Mobile Firmware Tattile tolling\+ Firmware Tattile smart\+ Traffic Light Tattile basic Mk2 Firmware Tattile vega53 Tattile axle Counter Tattile smart\+ Speed Tattile vega53 Firmware Tattile anpr Mobile Tattile vega11 Firmware Tattile smart\+ Firmware Tattile vega11 |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| References | () https://www.tattile.com/ - Product | |
| References | () https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentials - Third Party Advisory, VDB Entry | |
| References | () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php - Third Party Advisory, Exploit | |
| CPE | cpe:2.3:o:tattile:axle_counter_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:tattile:tolling\+:-:*:*:*:*:*:*:* cpe:2.3:o:tattile:vega33_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:vega53_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:tattile:vega53:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:smart\+_traffic_light:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:smart\+_speed:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:anpr_mobile:-:*:*:*:*:*:*:* cpe:2.3:o:tattile:basic_mk2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:smart\+_traffic_light_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:tattile:basic_mk2:-:*:*:*:*:*:*:* cpe:2.3:o:tattile:vega11_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:tolling\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:anpr_mobile_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:tattile:vega33:-:*:*:*:*:*:*:* cpe:2.3:o:tattile:smart\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:tattile:vega11:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:smart\+:-:*:*:*:*:*:*:* cpe:2.3:o:tattile:smart\+_speed_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:tattile:axle_counter:-:*:*:*:*:*:*:* |
24 Feb 2026, 20:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-24 20:27
Updated : 2026-06-17 10:26
NVD link : CVE-2026-26341
Mitre link : CVE-2026-26341
CVE.ORG link : CVE-2026-26341
JSON object : View
Products Affected
tattile
- vega11_firmware
- smart\+_speed_firmware
- smart\+_speed
- axle_counter
- smart\+_traffic_light
- tolling\+_firmware
- axle_counter_firmware
- tolling\+
- vega11
- vega53_firmware
- smart\+
- vega53
- anpr_mobile_firmware
- vega33
- anpr_mobile
- vega33_firmware
- basic_mk2_firmware
- smart\+_firmware
- basic_mk2
- smart\+_traffic_light_firmware
CWE
CWE-1392
Use of Default Credentials
