关键信息 Title: Tattile Cameras 1.181.5 Use of Default Credentials Advisory ID: ZSL-2026-5977 Type: Local/Remote Impact: System Access, DoS Risk: 5/5 Release Date: 24.02.2026 Summary Tattile cameras ship with default credentials that remain active post-installation without requiring a mandatory password change. This can lead to unauthorized access and system downtime. Vendor Tattile s.r.l. - https://www.tattile.com Affected Version Smart+ family: Smart+, Tapping+, Smart+ Speed, Smart+ Traffic Light Vega family: Axle Counter Vega 53, Vega33 & Vega 11 Basic family: Basic MK2 ANPR Mobile Firmware: 1.181.5 Tested On lighttpd/1.4.64 Vendor Status Discovery Date: 22.01.2026 Vendor contacted and responded requesting account details. Vendor confirmed vulnerability on 11.02.2026, patch planned for May 2026. Confirmation of other vulnerabilities scheduled for patching. Draft advisories sent for review on 23.02.2026. PoC Credits Vulnerability discovered by Gjoko Krstic - [contact info] References [1] https://www.cve.org/CVERecord?id=CVE-2026-26341