Smart+ Speed Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:tattile:smart\+_speed_firmware:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Tattile (7a9fbb55-5578-5061-87a8-ee46ee395acd) |
|---|---|
| Product | Smart+ Speed Firmware (a65228e3-33de-5293-8baf-d5421c3bcd5f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-26342 |
vulnerable | 2026-06-03 15:18:05.613636 |
Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.
Published: 2026-02-24T18:41:09.935Z
Updated: 2026-03-05T01:31:07.547Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-26341 |
vulnerable | 2026-06-03 15:18:05.611366 |
Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
Published: 2026-02-24T18:40:54.212Z
Updated: 2026-03-05T01:31:06.767Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-26340 |
vulnerable | 2026-06-03 15:18:05.589254 |
Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.
Published: 2026-02-24T18:40:35.393Z
Updated: 2026-03-05T01:31:05.967Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.