9.8критическая
CVE-2026-26341
Описание
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
Затрагиваемое ПО
Tattile Smart\+ firmwareTattile Smart\+Tattile Tolling\+ firmwareTattile Tolling\+Tattile Smart\+ speed firmwareTattile Smart\+ speedTattile Smart\+ traffic light firmwareTattile Smart\+ traffic lightTattile Axle counter firmwareTattile Axle counterTattile Vega53 firmwareTattile Vega53Tattile Vega33 firmwareTattile Vega33Tattile Vega11 firmwareTattile Vega11Tattile Basic mk2 firmwareTattile Basic mk2Tattile Anpr mobile firmwareTattile Anpr mobile
CVSS
| Балл | 9.8 — критическая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Источники
https://www.tattile.com/https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentialshttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php