Tattile Devices Ship with Default Passwords, Leaving Data Accessible

Summary

Tattile Smart+, Vega, and Basic devices with outdated firmware are vulnerable to unauthorized access. An attacker can log in with default credentials, gaining access to device settings and data. Update firmware to the latest version to secure your devices.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
tattile	smart\+_firmware	<= 1.181.5	–
tattile	tolling\+_firmware	<= 1.181.5	–
tattile	smart\+_speed_firmware	<= 1.181.5	–
tattile	smart\+_traffic_light_firmware	<= 1.181.5	–
tattile	axle_counter_firmware	<= 1.181.5	–
tattile	vega53_firmware	<= 1.181.5	–
tattile	vega33_firmware	<= 1.181.5	–
tattile	vega11_firmware	<= 1.181.5	–
tattile	basic_mk2_firmware	<= 1.181.5	–
tattile	anpr_mobile_firmware	<= 1.181.5	–

Original title

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker...

Original description

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

nvd CVSS3.1 9.8

nvd CVSS4.0 9.3

Vulnerability type

CWE-1392

https://www.tattile.com/ Product
https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credential... Third Party Advisory VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php Third Party Advisory Exploit