9.8
CVE-2026-26341
- EPSS 0.13%
- Veröffentlicht 24.02.2026 18:40:54
- Zuletzt bearbeitet 26.02.2026 17:31:23
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginTattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tattile ≫ Smart+ Firmware Version <= 1.181.5
Tattile ≫ Tolling+ Firmware Version <= 1.181.5
Tattile ≫ Smart+ Speed Firmware Version <= 1.181.5
Tattile ≫ Smart+ Traffic Light Firmware Version <= 1.181.5
Tattile ≫ Axle Counter Firmware Version <= 1.181.5
Tattile ≫ Vega53 Firmware Version <= 1.181.5
Tattile ≫ Vega33 Firmware Version <= 1.181.5
Tattile ≫ Vega11 Firmware Version <= 1.181.5
Tattile ≫ Basic Mk2 Firmware Version <= 1.181.5
Tattile ≫ Anpr Mobile Firmware Version <= 1.181.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.323 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-1392 Use of Default Credentials
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.