CVE-2026-26341
Published 2026-02-24
Priority P277 · critical · CVSS 3.1 base score 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 2.66% (83.8th percentile)
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
Affected (20 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tattile | anpr_mobile_firmware | <= 1.181.5 | — |
| tattile | axle_counter_firmware | <= 1.181.5 | — |
| tattile | basic_mk2_firmware | <= 1.181.5 | — |
| tattile | smart_+_firmware | <= 1.181.5 | — |
| tattile | smart_+_speed_firmware | <= 1.181.5 | — |
| tattile | smart_+_traffic_light_firmware | <= 1.181.5 | — |
| tattile | tolling_+_firmware | <= 1.181.5 | — |
| tattile | vega11_firmware | <= 1.181.5 | — |
| tattile | vega33_firmware | <= 1.181.5 | — |
| tattile | vega53_firmware | <= 1.181.5 | — |
| tattile_s.r.l | anpr_mobile | <= 1.181.5 | — |
| tattile_s.r.l | axle_counter | <= 1.181.5 | — |
| tattile_s.r.l | basic_mk2 | <= 1.181.5 | — |
| tattile_s.r.l | smart | <= 1.181.5 | — |
| tattile_s.r.l | smart+_speed | <= 1.181.5 | — |
| tattile_s.r.l | smart+_traffic_light | <= 1.181.5 | — |
| tattile_s.r.l | tolling | <= 1.181.5 | — |
| tattile_s.r.l | vega11 | <= 1.181.5 | — |
| tattile_s.r.l | vega33 | <= 1.181.5 | — |
| tattile_s.r.l | vega53 | <= 1.181.5 | — |
Detection & IOCs (extracted from sources)
url: GET /api/v1/security/login HTTP/1.1
other: Basic c3VwZXJ1c2VyOnN1cGVydXNlcg==
path: /api/v1/security/login
- Fingerprint the Tattile camera management interface by checking the HTTP response body for the string 'Tattile camera manager' on port 80/443.
- Shodan query to identify exposed Tattile camera management interfaces: http.html:"Tattile camera manager"
- FOFA query to identify Tattile devices by icon hash: icon_hash=="2030104257"
- A successful default-credential login to /api/v1/security/login returns HTTP 200 with content-type text/plain and a UUID-format session token in the body (regex: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$).
- The default credentials are superuser:superuser, sent as Base64 'c3VwZXJ1c2VyOnN1cGVydXNlcg==' in the HTTP Basic Authorization header against the /api/v1/security/login endpoint.
- Affected firmware versions are 1.181.5 and prior across the Tattile Smart+, Vega, and Basic device families. The vulnerability is only exploitable if the management interface is network-reachable.
- The Nuclei template uses a two-step flow: first confirm the Tattile camera manager page is present (HTTP 200 + body match), then attempt the default-credential login. Both conditions must be satisfied for a positive detection.
CVSS provenance
NVD · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD · v4.0 · 9.3 CRITICAL · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
No detection rules found.
Nuclei
Tattile Camera < 1.181.5 - Default Login (nuclei · CVSS 9.3)
CVE-2026-26341 [CRITICAL] Tattile Camera < 1.181.5 - Default Login
Tattile Smart+, Vega, and Basic device families firmware <= 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges.
Template:
```yaml
id: CVE-2026-26341
info:
  name: Tattile Camera < 1.181.5 - Default Login
  author: 0x_Akoko
  severity: high
  description: |
    Tattile Smart+, Vega, and Basic device families firmware <= 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges.
  impact: |
    Attackers can gain administrative access to device configuration and data, leading to unauthorized control and data exposure.
  remediation:
```
No writeups or analysis indexed.