Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2026-26341— Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

AI Predicted 8.1 Difficulty: Trivial EPSS 8.91% · P93

Public Exploits 1

Nuclei · 1 CVE-2026-26341.yaml [template]
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-26341

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials
Source: NVD (National Vulnerability Database)
Vulnerability Description
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1392
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tattile Smart+ 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tattile Smart+是意大利Tattile公司的一个智能车牌识别摄像机。 Tattile Smart+ 1.181.5及之前版本存在安全漏洞,该漏洞源于使用未强制更改的默认凭据,可能导致攻击者通过管理界面进行身份验证并获得管理访问权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Tattile s.r.l.Smart+ 0 ~ 1.181.5 -
Tattile s.r.l.Tolling+ 0 ~ 1.181.5 -
Tattile s.r.l.Smart+ Speed 0 ~ 1.181.5 -
Tattile s.r.l.Smart+ Traffic Light 0 ~ 1.181.5 -
Tattile s.r.l.Axle Counter 0 ~ 1.181.5 -
Tattile s.r.l.Vega53 0 ~ 1.181.5 -
Tattile s.r.l.Vega33 0 ~ 1.181.5 -
Tattile s.r.l.Vega11 0 ~ 1.181.5 -
Tattile s.r.l.Basic MK2 0 ~ 1.181.5 -
Tattile s.r.l.ANPR Mobile 0 ~ 1.181.5 -

II. Public POCs for CVE-2026-26341

#POC DescriptionSource LinkShenlong Link
1Tattile Smart+, Vega, and Basic device families firmware <= 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-26341.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-26341

登录查看更多情报信息。

Proof of Concept for CVE-2026-26341 (1)

Same Patch Batch · Tattile s.r.l. · 2026-02-24 · 3 CVEs total

CVE-2026-26340Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure
CVE-2026-26342Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration

IV. Related Vulnerabilities

Same product: Smart+
Same vendor: Tattile s.r.l.
Same weakness: CWE-1392

V. Comments for CVE-2026-26341

No comments yet

Leave a comment